Trying to install Eclipse DTP (Data Tools Platform) from Eclipse marketPlace.I am using Eclipse Java Neon. I am getting following exception/error.
Unable to read repository at
http://download.eclipse.org/datatools/updates/content.jar.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Any help is appreciated.
When downloading the content.jar file you're redirected to another mirror site.
In my case i was redirected to "https://mirrors.shu.edu.cn/eclipse/datatools/updates/content.jar"
This website expose an ssl certificate to you but you don't have any certificate authority able to validate this certificate.
What can you do?
download keystore explorer
In Internet explorer open the developper tools and start network recording in the network view
In the address bar copy/paste "http://download.eclipse.org/datatools/updates/content.jar"
Get the https redirected url from the network view
Launch Keystore explorer and open your cacerts file (JRE_OR_JDK_HOME/jre/lib/security/cacerts). The access password is "changeit"
I don't know the exact translation but in keystore explorer menu bar you will find a menu item something along the line "get certificate from TLS/SSL", click on it and provide the secured domain name (for me : mirrors.shu.edu.cn)
Import the certificate in cacerts and save cacerts
restart eclipse and test again
Some important points:
. cacerts is the default repository for certificate authorities used by java
. it is better to import the certificate chain (all the certificates shown by keystore explorer except the website's one)
. Take a good look to the certificates you're importing in cacerts because java will trust them
Related
I'm using JSOUP to connect to a web page and get some content via web scraping method. Everything seems to work fine for months but recently this error started to appear.
ERROR: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I've added the certificate of the web page (downloaded the certificate from chrome explorer, base64 cer) and added to my java cacert using this command
keytool -import -alias certificatebase64-2 -keystore "C:\Program Files\Java\jdk-11.0.10\lib\security\cacerts" -file certificate-base64.cer
I've also installed the certificate in my windows machine, since in this machine is where the java app is running, using certificate windows assistant
right click on the certificate -> install certificate -> local machine -> and manually select "Trusted Root Certification Authorities"
After this two steps the app begin to works fine again, but after some hours the error pops up again.
The work around I've found is the execute the same comands explained above to add the certificate to my cacerts again (have to change the name of the import)
Here is how I connect to the web page using JSOUP
Connection.Response response = Jsoup.connect("https://www.test.store/us/").method(Connection.Method.GET)
.execute();
I can't seem to find to root cause of this error and why It fails to work some hours after I import the certificates again.
I try crawling seed urls that are http/https
but for few https urls i get below error
FetcherThread INFO api.HttpRobotRulesParser (168) - Couldn't get robots.txt for https://corporate.douglas.de/investors/?lang=en: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
on other hand https://www.integrafin.co.uk/annual-reports/ is crawled perfectly fine
below is my configuration
plugin.includes
protocol-http|urlfilter-regex|parse-(html|tika|text)|index-(basic|anchor|more|static|links)|indexer-solr|scoring-opic|urlnormalizer-(pass|regex|basic)|urlmeta|language-identifier
I think you need to put the certificate of server https://corporate.douglas.de/investors/?lang=en in the "cacerts" file of the JVM that runs your code.
First, download the certificate using Chrome:
Then, click in "details" tab and then in button "Copy to file"
In the wizard, select the option "DER binary.... (.CER)"
Now, you can use the tool "portecle" (http://portecle.sourceforge.net/) to add the certificate to the cacert file in your JVM followin this steps http://portecle.sourceforge.net/import-trusted-cert.html
Hope works for you.
You could try using a more recent version of Nutch, or compile directly from master, and then give a try to the http.tls.certificates.check setting, from (https://github.com/apache/nutch/pull/388). This will essentially allow you to skip the TLS/SSL verification.
I have a simple java application which is running in my local machine which connects to some URLs. When I connect to https urls I get the Error "Unable to find certification path ..". Following the steps mentioned in other websites I exported the certificate from my browser saved it and then imported it into my cacerts keystore using the keytool command.
This worked initially for some remote website URLs. But when the URL began with "https:localhost:8083" I am still getting the same exception! Even though I followed all the steps.
Any help?
scenario:
1. in STS open 'servers' view and add 'cloudFoundry' server
2. in the new server wizard enter "https://api.run.pivotal.io/" and user password
3. press next - I get the following exception :
Unable to communicate with server - I/O error on GET request for "https://api.run.pivotal.io/info":sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
tried adding SSL certificate from the URL to the JDK used by STS , also
tried using the "Trust self-signed certificate" option
both didn't help.
One suggestion to see why connecting to Pivotal Web Services (api.run.pivotal.io) is not working through STS, is to verify that when you added the SSL certificate to the JDK used by STS, it is listed by Java keytool.
For Pivotal Web Services, I believe it should be DigiCert:
Owner: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Normally, if this certificate appears in the list of certificates used by the STS JDK, users should be able to connect without getting validator exceptions, and without having to check "Trust self-signed certificate" option.
Maybe this related post can provide additional information:
PKIX path building failed in Java application
Unlike the cf CLI via the option:
--skip-ssl-validation
the Cloud Foundry Tools in STS does not have an option to skip SSL validation.
I am making an Java client application that needs to access some data from website using https and signed by StartCom.
First, I tried to use HttpsURLConnection to access https://blabla.com/blabla.file, but I got sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. error.
I guess the reason is that StartCom is not added in Java trust certs.
Then, I added two StartCom certificate files (ca.crt and startcom.sub.class1.server.ca.crt) in Java cacerts and I can see them with keytools, but I still get the same error as before.
So, is it possible to use StartCom signed websites in java application without adding it to Java cacerts, and
why can not I use StartCom signed websites even if I added their certificates to my cacerts file, what did I do wrong?
Thank you in advance!
Edit 1: If I try to access https://google.com (for example) from my application there are no errors.
Edit 2: Certificates where added by this command keytool -keystore cacerts -importcert -alias startcom.ca -file ca.crt.