I am developing a Java application that provides a REST API over HTTP.
For security reasons this communication should be switched to HTTPS.
I generate a trusted certificate from Let's Encrypt using certbot tool, this certificate seems to be working when I call my API from Chrome browser, but I get this exception when I use a Java 1.8.0_191 client based on Spring RestTemplate:
Exception in thread "main"
org.springframework.web.client.ResourceAccessException: I/O error on GET
request for "https://hostname/api/v1/event":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target; nested exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:743)
at
org.springframework.web.client.RestTemplate.execute(RestTemplate.java:669)
at
org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:578)
at
com.swingws.wiser.tasks.GetFrimwareVersionTask.main(GetFrimwareVersionTask.
java:80)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1639)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
AbstractD
elegateHttpsURLConnection.java:185)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect
(HttpsURLConnectionImpl.java:162)
at
org.springframework.http.client.SimpleBufferingClientHttpRequest.
executeInternal(SimpleBufferingClientHttpRequest.java:76)
at
org.springframework.http.client.AbstractBufferingClientHttpRequest
.executeIntern
al(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.
execute(AbstractClient HttpRequest.java:53)
at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:734)
... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
324)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java
:229)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1621)
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(
SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(
SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 23 more
Is there any way to make this working without adding this certificate to Java clients keystore ?
We had the same issue and in our case the server that we contacted was misconfigured. It did not provide the full certificate chain. You can check that using this tool.
When the server is under your control, you should be able to configure this. When using Apache, you can configure this using SSLCertificateChainFile. See also this answer
Related
I am getting below exception:
Cannot login using org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://<kmaas_domain>:443/v1/auth/aws/login": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.springframework.vault.authentication.VaultLoginException: Cannot login using org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://kmaas_domain:443/v1/auth/aws/login": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am using VaultTemplate to acquire the Token from Kmaas (implementation on HCP Vault) to get secrets. How can I disable this SSL check? Python based Boto library does have this option as
requests.request(request_type, RESOURCE_PATH, headers={'X-Vault-Token': client_token}, **verify=False**, data=PAYLOAD)
but I can't find any such option in Java
I have generated java classes using cxf wsdl2java. But not sure how to authenticate the request with client certificate. I was able to generate client classes from wsdl with out any issue by using the below command:
wsdl2java -ant - client -d D:\cxf-client D:\HelperActions.wsdl
I am getting the blogs or forums with userid and password authentication in google search. But not able to find how to authenticate the request with the jks or .crt certificate.
I tried what it was mentioned in the below link
https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2014-07-java-soap-client-certificate-authentication
and also I tried implementing the certification mentioned in the below link
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?revision=1406329&view=markup
But I am getting the following exception
javax.xml.ws.webserviceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'wsdl path'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failes: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.HandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I placed the certificate in the class path, I tried both the ways mentioned in the above links, but all the effort didnt work well. I am not sure where I am going wrong.
Can anyone help me in sending the request with client certificate?
I have a simple e-mail alert use case.
Have done the basic configurations in axis2.xml, and when i try the proxy the following exception shows up.
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
TID: [-1234] [] [2016-07-27 14:19:30,758] ERROR
{org.apache.axis2.transport.mail.MailTransportSender} - Error creating mail message or sending it to the configured server {org.apache.axis2.transport.mail.MailTransportSender}
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408)
The issue, I believe is I'm missing the following line of code in the configuration of ESB.
Session session = Session.getInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("aaa", "bbb#0089");
}
});
I have tried, tested successfully with a small java email app and javamailAPI including this authentication.
How can I do the same configuration in the <ESB_HOME>/repository/conf/axis2/axis2.xml
Any suggestions will be very much helpful. ESB 4.9.0
Thanks in advance.
This seems to be because the required certificate is not available in the client trust store. Try again after importing it. To import the certificate to the trust store you can refer this blog.
When I am login with Facebook in my app On local host http://localhost:8080/ its working fine but in client side on Linux environment its throwing this exception :
org.springframework.web.client.ResourceAccessException:
I/O error on POST request for "https://graph.facebook.com/v2.5/oauth/access_token":sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Please help
Thanks
So I am trying to send a hello world email using the ews-java-api.
My code looks like:
ExchangeService exchangeWebService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
exchangeWebService.setCredentials(new WebCredentials(username , password, localPcDomain));
exchangeWebService.setUrl(new URI(companyExchangeURL));
EmailMessage msg= new EmailMessage(exchangeWebService);
msg.setSubject("Hello world!");
msg.setBody(MessageBody.getMessageBodyFromText("Sent using the EWS Java API."));
msg.getToRecipients().add(testEmail);
msg.send();
But I get the following exception:
microsoft.exchange.webservices.data.ServiceRequestException: The request failed. The request failed. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: microsoft.exchange.webservices.data.ServiceRequestException: The request failed. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any ideas on what I need to do? I have tried using autodiscover but it always seems to fail.
From the error it sounds like it may be an SSL issue (invalid certificate, untrusted certificate, etc.). A quick test would be to go to the OWA url for that server and see if your browser gives a warning or error about the SSL cert.