1. 技术文章
  2. Getting error: PKIX path building failed: unable to find valid certification path to requested target

Getting error: PKIX path building failed: unable to find valid certification path to requested target

空扰寡人 提交于 2019-12-18 09:53:47

问题


I'm trying to send a xml to another system via web service. But while trying to send i'm getting the following error. I've installed the certificate they gave to me. but still its not working.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

回答1:


There are two possible sources for this error:

  • either the opposite side is using genuinely untrusted certificate (self-signed or signed by untrusted CA),
  • or the opposite side is not sending certificate validation chain (e.g. there is intermediate signing certificate along the way to your trusted CA, but this ceriticate is not present in the SSL handshake).

Solution for the first case is to add the untrusted CA (or the ceriticate itself) to your JRE truststore (${java.home}/lib/security/cacerts) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStore JVM property.

Solution for the second case is either to go with the first case solution or better - convince the opposite side to send correct certificate chain.




回答2:


Add certificate to JRE truststore @ ${java.home}/lib/security/cacerts OR if you have your own trustStore & provide path to that in your application/JVM. For example one possible way could be

or via java code

import java.util.Properties;
...
    Properties systemProps = System.getProperties();
    systemProps.put("javax.net.ssl.keyStorePassword","passwordForKeystore");
    systemProps.put("javax.net.ssl.keyStore","pathToKeystore.ks");
    systemProps.put("javax.net.ssl.trustStore", "pathToTruststore.ts");
    systemProps.put("javax.net.ssl.trustStorePassword","passwordForTrustStore");
    System.setProperties(systemProps);
...

For more refer to details on RedHat site

May be it will help refer to question



来源:https://stackoverflow.com/questions/17388279/getting-error-pkix-path-building-failed-unable-to-find-valid-certification-pat

标签
java
Spring
Tomcat
ssl
certificate
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!