How to Find Valid Certification Path to Requested Target - Error Even After Cert Imported

Unable to find valid certification path to requested target - error even after cert imported

Unfortunately - it could be many things - and lots of app servers and other java 'wrappers' are prone to play with properties and their 'own' take on keychains and what not. So it may be looking at something totally different.

Short of truss-ing - I'd try:

java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=trustStore ...

to see if that helps. Instead of 'all' one can also set it to 'ssl', key manager and trust manager - which may help in your case. Setting it to 'help' will list something like below on most platforms.

Regardless - do make sure you fully understand the difference between the keystore (in which you have the private key and cert you prove your own identity with) and the trust store (which determines who you trust) - and the fact that your own identity also has a 'chain' of trust to the root - which is separate from any chain to a root you need to figure out 'who' you trust.

all            turn on all debugging
ssl            turn on ssl debugging

The   following can be used with ssl:
    record       enable per-record tracing
    handshake    print each handshake message
    keygen       print key generation data
    session      print session activity
    defaultctx   print default SSL initialization
    sslctx       print SSLContext tracing
    sessioncache print session cache tracing
    keymanager   print key manager tracing
    trustmanager print trust manager tracing
    pluggability print pluggability tracing

    handshake debugging can be widened with:
    data         hex dump of each handshake message
    verbose      verbose handshake message printing

    record debugging can be widened with:
    plaintext    hex dump of record plaintext
    packet       print raw SSL/TLS packets

Source: # See http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug

PKIX path building failed and unable to find valid certification path to requested target

1. Go to URL in your browser:

• firefox - click on HTTPS certificate chain (the lock icon right next to URL address). Click "more info" > "security" > "show certificate" > "details" > "export..". Pickup the name and choose file type example.cer
• chrome - click on site icon left to address in address bar, select "Certificate" -> "Details" -> "Export" and save in format "Der-encoded binary, single certificate".

2. Now you have file with keystore and you have to add it to your JVM. Determine location of cacerts files, eg.
   C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts.

3. Next import the example.cer file into cacerts in command line (may need administrator command prompt):

keytool -import -alias example -keystore "C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts" -file example.cer

You will be asked for password which default is changeit

Restart your JVM/PC.

source:
http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html

Reloading maven projects in IDEA: unable to find valid certification path to requested target

IDE launches the Maven goals with the JDK you choose in the Settings (Preferences on macOS) | Build, Execution, Deployment | Build Tools | Maven | Importing | JDK for importer settings. This error happens when the JVM tries to use non-trusted self-signed certificate.

It is likely that the proxy server in your network replaces the remote certificate with its own self-signed. So you need to import your certificate into the JDK trust store which you use to build by Maven (JDK for importer setting).

---

Related Topics