How to Ignore Pkix Path Building Failed: Sun.Security.Provider.Certpath.Suncertpathbuilderexception

How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?

If you want to ignore the certificate all together then take a look at the answer here: Ignore self-signed ssl cert using Jersey Client

Although this will make your app vulnerable to man-in-the-middle attacks.

Or, try adding the cert to your java store as a trusted cert.
This site may be helpful.
http://blog.icodejava.com/tag/get-public-key-of-ssl-certificate-in-java/

Here's another thread showing how to add a cert to your store.
Java SSL connect, add server cert to keystore programmatically

The key is:

KeyStore.Entry newEntry = new KeyStore.TrustedCertificateEntry(someCert);
ks.setEntry("someAlias", newEntry, null);

PKIX path building failed and unable to find valid certification path to requested target

1. Go to URL in your browser:

• firefox - click on HTTPS certificate chain (the lock icon right next to URL address). Click "more info" > "security" > "show certificate" > "details" > "export..". Pickup the name and choose file type example.cer
• chrome - click on site icon left to address in address bar, select "Certificate" -> "Details" -> "Export" and save in format "Der-encoded binary, single certificate".

2. Now you have file with keystore and you have to add it to your JVM. Determine location of cacerts files, eg.
   C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts.

3. Next import the example.cer file into cacerts in command line (may need administrator command prompt):

keytool -import -alias example -keystore "C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts" -file example.cer

You will be asked for password which default is changeit

Restart your JVM/PC.

source:
http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html

Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

You need to add the certificate for App2 to the truststore file of the used JVM located at $JAVA_HOME\lib\security\cacerts.

First you can check if your certificate is already in the truststore by running the following command:
keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts" (you don't need to provide a password)

If your certificate is missing, you can get it by downloading it with your browser and add it to the truststore with the following command:

keytool -import -noprompt -trustcacerts -alias <AliasName> -file   <certificate> -keystore <KeystoreFile> -storepass <Password>

Example:

keytool -import -noprompt -trustcacerts -alias myFancyAlias -file /path/to/my/cert/myCert.cer -keystore /path/to/my/jdk/jre/lib/security/cacerts/keystore.jks -storepass changeit

After import you can run the first command again to check if your certificate was added.

Sun/Oracle information can be found here.

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

Cetifacte of the backend (jclouds endpoint) should be added to the WSO2 Private PaaS's client-truststore.jks. Have a look at [1]

[1] http://evanthika.blogspot.com/2014/01/how-to-solve-pkix-path-building-failed.html

---

Related Topics