I have a simple java application which is running in my local machine which connects to some URLs. When I connect to https urls I get the Error "Unable to find certification path ..". Following the steps mentioned in other websites I exported the certificate from my browser saved it and then imported it into my cacerts keystore using the keytool command.
This worked initially for some remote website URLs. But when the URL began with "https:localhost:8083" I am still getting the same exception! Even though I followed all the steps.
Any help?
Related
Trying to install Eclipse DTP (Data Tools Platform) from Eclipse marketPlace.I am using Eclipse Java Neon. I am getting following exception/error.
Unable to read repository at
http://download.eclipse.org/datatools/updates/content.jar.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Any help is appreciated.
When downloading the content.jar file you're redirected to another mirror site.
In my case i was redirected to "https://mirrors.shu.edu.cn/eclipse/datatools/updates/content.jar"
This website expose an ssl certificate to you but you don't have any certificate authority able to validate this certificate.
What can you do?
download keystore explorer
In Internet explorer open the developper tools and start network recording in the network view
In the address bar copy/paste "http://download.eclipse.org/datatools/updates/content.jar"
Get the https redirected url from the network view
Launch Keystore explorer and open your cacerts file (JRE_OR_JDK_HOME/jre/lib/security/cacerts). The access password is "changeit"
I don't know the exact translation but in keystore explorer menu bar you will find a menu item something along the line "get certificate from TLS/SSL", click on it and provide the secured domain name (for me : mirrors.shu.edu.cn)
Import the certificate in cacerts and save cacerts
restart eclipse and test again
Some important points:
. cacerts is the default repository for certificate authorities used by java
. it is better to import the certificate chain (all the certificates shown by keystore explorer except the website's one)
. Take a good look to the certificates you're importing in cacerts because java will trust them
I have set up sonarqube server on a VM in Azure with Azure sql. A self signed cert was created using IIS.
I can connect to the server via a remote browser and after installing the certificate into the Trusted CA I can successfully connect to the server with no warnings.
However on running the sonar-scanner.bat from a a remote client, I receive the following error :
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I followed some guidelines to install the certificate into the Java keystore by exporting the certificate via IE then importing it into the JAVA keychain as below
keytool -importcert -file c:\sonarcertnew.cer -keystore keystore.jks -alias "Aliasonar but this then gives another error : Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:
So despite exporting the cert and importing into the java keystore still unable to connect. Can anyone advise?
I might be a bit late to help you with this but just solved this issue myself and though I'd add my solution to this for future Googlers!
My problem was caused by trying to use the IP address that Azure assigned to the server, I couldn't get the certificate to work with Java. In the end, I gave my Azure VM a DNS and re-exported the certificate and imported to both Windows and Java. This solved the SSLHandshakeException for me.
This may look like a duplicate but it is not.
I added the certificate from the ssl endpoint to my cacerts file. I verified its added. I restarted the jvm and my computer, but I still get unable to find valid certification path to requested target exception.
In addition to adding the certificate from the ssl endpoint the following helped me fix the issue. I added this system property in my code and it helped me navigate to the required secured endpoint.
System.setProperty("javax.net.ssl.trustStore", "path/to/cacerts");
However the above one works for local, while doing it for prod deployment I moved the cacerts to my project and change the path to cacerts to the one in my project. This way it worked for both remote and local end points.
I am making an Java client application that needs to access some data from website using https and signed by StartCom.
First, I tried to use HttpsURLConnection to access https://blabla.com/blabla.file, but I got sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. error.
I guess the reason is that StartCom is not added in Java trust certs.
Then, I added two StartCom certificate files (ca.crt and startcom.sub.class1.server.ca.crt) in Java cacerts and I can see them with keytools, but I still get the same error as before.
So, is it possible to use StartCom signed websites in java application without adding it to Java cacerts, and
why can not I use StartCom signed websites even if I added their certificates to my cacerts file, what did I do wrong?
Thank you in advance!
Edit 1: If I try to access https://google.com (for example) from my application there are no errors.
Edit 2: Certificates where added by this command keytool -keystore cacerts -importcert -alias startcom.ca -file ca.crt.
I have a web service that had been working fine while we were on Java 7 version 75. We recently updated to Java 8 and now we are getting this error on the web service: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is the full dump:
Charset [empty string]
ErrorDetail I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Filecontent Connection Failure
Header [empty string]
Mimetype Unable to determine MIME type of file.
Responseheader ws dump - struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES
We have updated the certificates and the certificates have been re-imported in the correct key store and verified it's there using keytool -list and restarted, but still get the authentication error.
I see this is usually fixed by re-installing the certificate but that hasn't worked. Many suggestions to fix this error recommended installing Certman in CF Admin. We installed it and imported the certificates, but still the same error. Our workaround is rolling back to Java 7 version 75 so this web service works, but we need to update to the latest version of Java soon so our charts can work again and obviously for security reasons. Any suggestions?
Stats:
Java Dev Kit 8 v 60,
ColdFusion 10 hotfix 17,
Windows Server 8
****UPDATE*****
After reading Sean Coyne's answer below I talked to our Network Admin's. They had already copied the tools.jar file into the lib folder. They deleted the stubs folder and restarted the CF server, but we still got the same error. I visited with them and they showed me that the certificates were indeed in the keystore.
As described here: https://helpx.adobe.com/coldfusion/kb/coldfusion-mx-troubleshooting-scheduled-tasks.html
We added some debugging to jvim.config as I ran the web service. The debugging pointed out that the handshake with one of the certificates was invalid. What the heck!
I asked if we could see the certs in the Certificate Manager in CF Admin. It was NOT installed after all. So the NA installed the CertMan add on in CF Admin. After importing the certificates using CertMan and restarting the CF server, the web service worked after that.
I think doing what Sean Coyne suggested below AND making sure CertMan was installed so we could import the certificates was what fixed it for us.
You may need to delete the stubs. These are in [cfroot]/cfusion/stubs. Just stop CF, delete all the files in that directory and start CF again.
Also, you will want to copy the tools.jar file from your JDK installation into the lib folder at [cfroot]/cfusion/lib/tools.jar. Backup the existing tools.jar file first then copy from [jdk root]/lib/tools.jar.
Reference: http://blogs.coldfusion.com/post.cfm/coldfusion-10-and-11-support-with-java-8