Unable to find valid certification path to requested target - error even after cert imported

Question

I have a Java client trying to access a server with a self-signed certificate.

When I try to Post to the server, I get the following error:

un

Answer 1

Solution when migrating from JDK 8 to JDK 10

• The certificates are really different
  • JDK 10 has 80, while JDK 8 has 151
• JDK 10 has been recently added the certs
  • https://dzone.com/articles/openjdk-10-now-includes-root-ca-certificates
  • http://openjdk.java.net/jeps/319

JDK 10

root@c339504909345:/opt/jdk-minimal/jre/lib/security #  keytool -cacerts -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 80 entries

JDK 8

root@c39596768075:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts #  keytool -cacerts -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 151 entries

Steps to fix

• I deleted the JDK 10 cert and replaced it with the JDK 8
• Since I'm building Docker Images, I could quickly do that using Multi-stage builds
  • I'm building a minimal JRE using jlink as /opt/jdk/bin/jlink \ --module-path /opt/jdk/jmods...

So, here's the different paths and the sequence of the commands...

# Java 8
COPY --from=marcellodesales-springboot-builder-jdk8 /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts /etc/ssl/certs/java/cacerts

# Java 10
RUN rm -f /opt/jdk-minimal/jre/lib/security/cacerts
RUN ln -s /etc/ssl/certs/java/cacerts /opt/jdk-minimal/jre/lib/security/cacerts