javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

Users sometimes run into the “sun.security.validator.ValidatorException: PKIX path building failed” exception and don’t know how to solve the issue.

Problem: This error usually occurs when we try to consume secured services using a Java client. Below is the stack trace that we usually get:

 sun.security.validator.ValidatorException:
 PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
 unable to find valid certification path to requested target
 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path   building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid   certification path to requested target
                sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
                sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
                sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
                sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
                sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
                sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
                sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
                sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
                sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
                sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
                sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)

Cause:

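The main reason for the issue is that the SSL certificate has not been installed properly: the JVM cannot build a chain from the certificate the server presents to an entry in its trusted keystore. In the run below the server sends a self-signed certificate (Subject and Issuer are both CN=Ankur-Jain), which the default cacerts file does not contain.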

Solution:

1) Download the InstallCert.java file from here

2) Compile the file using the command as below:
     
              javac InstallCert.java

3) Add Trusted Keystore

Run InstallCert using java InstallCert, with the hostname and https port as the argument, and press “1” when asked for input. It will add the certificate sent by “localhost” to a trusted keystore and generate a file named “jssecacerts”.

C:\Ankur>java InstallCert localhost:443
Loading KeyStore C:\Program Files (x86)\Java\jre1.8.0_91\lib\security\cacerts…
Opening connection to localhost:443…
Starting SSL handshake…
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at InstallCert.main(InstallCert.java:59)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:161)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
        … 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        … 17 more
Server sent 1 certificate(s):
 1 Subject CN=Ankur-Jain
   Issuer  CN=Ankur-Jain
   sha1    d3 b9 1c 0d 37 15 43 eb 42 08 6e 28 f9 b9 14 51 b4 5d 80 fb
   md5     d0 0e b8 cf 3e af ee a7 75 96 7b 65 d0 a8 83 1f
Enter certificate to add to trusted keystore or ‘q’ to quit: [1]
1
[
[
  Version: V3
  Subject: CN=Ankur-Jain
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
  Key:  Sun RSA public key, 2048 bits
  modulus: 29097399406335862648603478718093032258106380849402774151925502342615178908568117666690377193826203615479790565960821376205940928458371313760609133959349461286885160113266037440511976960329613437120185785368606059740742844262213088886805653789914216591685771502790972206462685411556415317772895044855789311041156987953579907954163194290953047131042696647502021116508936286048203642300999439036533705336558235724297279695584190506372666605140794146250538573493778513998757194609517715519451722657765734837367627217395785262158854804147187586905921058319581450357763769002145000821758050508892633704219266564731848702777
  public exponent: 65537
  Validity: [From: Mon Jun 12 17:27:51 IST 2017,
               To: Thu Jun 10 17:27:51 IST 2027]
  Issuer: CN=Ankur-Jain
  SerialNumber: [    ef54124a a7408795]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]
[2]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_Encipherment
  Data_Encipherment
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: Ankur-Jain
]
]
  Algorithm: [SHA256withRSA]
  Signature:
]
Added certificate to keystore ‘jssecacerts’ using alias ‘localhost-1’ 

4) Verify Trusted Keystore

Check whether the certificate has been added successfully by running the same command again:

C:\Ankur>java InstallCert localhost:443
Loading KeyStore jssecacerts…
Opening connection to localhost:443…
Starting SSL handshake…
No errors, certificate is already trusted
Server sent 1 certificate(s):
 1 Subject CN=Ankur-Jain
   Issuer  CN=Ankur-Jain
   sha1    d3 b9 1c 0d 37 15 43 eb 42 08 6e 28 f9 b9 14 51 b4 5d 80 fb
   md5     d0 0e b8 cf 3e af ee a7 75 96 7b 65 d0 a8 83 1f
Enter certificate to add to trusted keystore or ‘q’ to quit: [1]
q
KeyStore not changed

5) Copy jssecacerts: Copy the generated jssecacerts file to the $JAVA_HOME/jre/lib/security folder.

6) Invoke the service client again; the problem should be gone.
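InstallCert saves whatever certificate the server presents, and a jssecacerts file copied into $JAVA_HOME/jre/lib/security is trusted by every application running on that JRE. The sketch below is an added example, not part of the original post or of InstallCert: it checks the stored certificate against the sha1 fingerprint shown above and builds an SSLContext that trusts only that certificate for one client. The class name, the keystore password "changeit" and the working-directory path are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrust {
    // "sha1" line printed by InstallCert above, spaces removed. Confirm it with the
    // server's owner over a separate channel before relying on it.
    static final String EXPECTED_SHA1 = "d3b91c0d371543eb42086e28f9b91451b45d80fb";

    static String sha1Hex(Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(cert.getEncoded())) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Returns an SSLContext that trusts only the verified certificate.
    static SSLContext pinnedContext(String file, char[] pass, String alias) throws Exception {
        KeyStore generated = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            generated.load(in, pass);
        }
        Certificate cert = generated.getCertificate(alias);
        if (cert == null || !EXPECTED_SHA1.equals(sha1Hex(cert))) {
            throw new SecurityException("certificate missing or fingerprint mismatch: " + alias);
        }
        KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
        pinned.load(null, null);                  // start from an empty store
        pinned.setCertificateEntry(alias, cert);  // trust this one certificate only
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(pinned);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: "changeit" is the keystore password (InstallCert's default).
        SSLContext ctx = pinnedContext("jssecacerts", "changeit".toCharArray(), "localhost-1");
        System.out.println("Scoped context ready: " + ctx.getProtocol());
    }
}
```

Pass ctx.getSocketFactory() to HttpsURLConnection.setSSLSocketFactory for the connection that needs it. The hostname check is separate from the trust check, so the client must address the server by a name in the certificate (the SubjectAlternativeName above is Ankur-Jain).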
