I'm trying to consume a secured rest endpoint through java code as following
public static void main(String[] args) {
getUrl();
}
private static void getUrl(){
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jdk1.8.0_191\\keystore\\test.jks");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", "test123");
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<SignedURL> signedURLEntity = restTemplate.getForEntity("https://tfgts.xyz.com:16610/file-transfer/get-url?fmt=json", SignedURL.class);
System.out.println("PUT URL : "+signedURLEntity.getBody().getPuturl());
}
I have imported the test.jks certificate in the following way
keytool -importkeystore -srckeystore .\test.jks -destkeystore %JAVA_HOME%/jre/lib/security/cacerts
I could find the alias of the certificate I imported, when I ran the below command
keytool -list -keystore cacerts
I'm using eclipse IDE to run this java class and configured the Java build path of the project to the JDK path where the certificate is imported. Also, I ordered the JAVA_HOME in path environment variables to be on top.
But still I'm getting the following error
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://tfgts.xyz.com:16610/file-transfer/get-url": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:732)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:680)
at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:359)
at com.paychex.retirement.ml.service.SterlingFileProcessor.getUrl(FileProcessor.java:99)
at com.paychex.retirement.ml.service.SterlingFileProcessor.main(FileProcessor.java:88)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:723)
... 4 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 24 more
Related
I am using Unity 2020.3.4f1, creating android AR face tracking app using AR Foundation, ARCore and ARkitFace Tracking. When i try build apk that time getting that error.
CommandInvokationFailure: Gradle build failed.
C:\Program Files\Unity\Hub\Editor\2020.3.4f1\Editor\Data\PlaybackEngines\AndroidPlayer\OpenJDK\bin\java.exe -classpath "C:\Program Files\Unity\Hub\Editor\2020.3.4f1\Editor\Data\PlaybackEngines\AndroidPlayer\Tools\gradle\lib\gradle-launcher-5.6.4.jar" org.gradle.launcher.GradleMain "-Dorg.gradle.jvmargs=-Xmx4096m" "assembleRelease"
stderr[
FAILURE: Build failed with an exception.
What went wrong:
A problem occurred configuring project ':launcher'.
Could not resolve all artifacts for configuration ':launcher:classpath'.
Could not download gradle.jar (com.android.tools.build:gradle:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/3.6.0/gradle-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/3.6.0/gradle-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download builder.jar (com.android.tools.build:builder:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/builder/3.6.0/builder-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/builder/3.6.0/builder-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download crash.jar (com.android.tools.analytics-library:crash:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/crash/26.6.0/crash-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/crash/26.6.0/crash-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download lint-gradle-api.jar (com.android.tools.lint:lint-gradle-api:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/lint/lint-gradle-api/26.6.0/lint-gradle-api-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/lint/lint-gradle-api/26.6.0/lint-gradle-api-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download gradle-api.jar (com.android.tools.build:gradle-api:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle-api/3.6.0/gradle-api-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle-api/3.6.0/gradle-api-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download databinding-compiler-common.jar (androidx.databinding:databinding-compiler-common:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/androidx/databinding/databinding-compiler-common/3.6.0/databinding-compiler-common-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/androidx/databinding/databinding-compiler-common/3.6.0/databinding-compiler-common-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download manifest-merger.jar (com.android.tools.build:manifest-merger:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/manifest-merger/26.6.0/manifest-merger-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/manifest-merger/26.6.0/manifest-merger-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download sdk-common.jar (com.android.tools:sdk-common:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/sdk-common/26.6.0/sdk-common-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/sdk-common/26.6.0/sdk-common-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download builder-test-api.jar (com.android.tools.build:builder-test-api:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/builder-test-api/3.6.0/builder-test-api-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/builder-test-api/3.6.0/builder-test-api-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download ddmlib.jar (com.android.tools.ddms:ddmlib:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/ddms/ddmlib/26.6.0/ddmlib-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/ddms/ddmlib/26.6.0/ddmlib-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download signflinger.jar (com.android:signflinger:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/signflinger/3.6.0/signflinger-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/signflinger/3.6.0/signflinger-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download zipflinger.jar (com.android:zipflinger:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/zipflinger/3.6.0/zipflinger-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/zipflinger/3.6.0/zipflinger-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download tracker.jar (com.android.tools.analytics-library:tracker:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/tracker/26.6.0/tracker-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/tracker/26.6.0/tracker-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download sdklib.jar (com.android.tools:sdklib:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/sdklib/26.6.0/sdklib-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/sdklib/26.6.0/sdklib-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download layoutlib-api.jar (com.android.tools.layoutlib:layoutlib-api:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/layoutlib/layoutlib-api/26.6.0/layoutlib-api-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/layoutlib/layoutlib-api/26.6.0/layoutlib-api-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download dvlib.jar (com.android.tools:dvlib:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/dvlib/26.6.0/dvlib-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/dvlib/26.6.0/dvlib-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download repository.jar (com.android.tools:repository:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/repository/26.6.0/repository-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/repository/26.6.0/repository-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download shared.jar (com.android.tools.analytics-library:shared:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/shared/26.6.0/shared-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/shared/26.6.0/shared-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download common.jar (com.android.tools:common:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/common/26.6.0/common-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/common/26.6.0/common-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download jetifier-processor.jar (com.android.tools.build.jetifier:jetifier-processor:1.0.0-beta08)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/jetifier/jetifier-processor/1.0.0-beta08/jetifier-processor-1.0.0-beta08.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/jetifier/jetifier-processor/1.0.0-beta08/jetifier-processor-1.0.0-beta08.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download bundletool.jar (com.android.tools.build:bundletool:0.10.3)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/bundletool/0.10.3/bundletool-0.10.3.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/bundletool/0.10.3/bundletool-0.10.3.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download jetifier-core.jar (com.android.tools.build.jetifier:jetifier-core:1.0.0-beta08)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/jetifier/jetifier-core/1.0.0-beta08/jetifier-core-1.0.0-beta08.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/jetifier/jetifier-core/1.0.0-beta08/jetifier-core-1.0.0-beta08.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download protos.jar (com.android.tools.analytics-library:protos:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/protos/26.6.0/protos-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/analytics-library/protos/26.6.0/protos-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download aapt2-proto.jar (com.android.tools.build:aapt2-proto:0.4.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/aapt2-proto/0.4.0/aapt2-proto-0.4.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/aapt2-proto/0.4.0/aapt2-proto-0.4.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download builder-model.jar (com.android.tools.build:builder-model:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/builder-model/3.6.0/builder-model-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/builder-model/3.6.0/builder-model-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download apkzlib.jar (com.android.tools.build:apkzlib:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/apkzlib/3.6.0/apkzlib-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/apkzlib/3.6.0/apkzlib-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download apksig.jar (com.android.tools.build:apksig:3.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/apksig/3.6.0/apksig-3.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/apksig/3.6.0/apksig-3.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download annotations.jar (com.android.tools:annotations:26.6.0)
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/annotations/26.6.0/annotations-26.6.0.jar'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/annotations/26.6.0/annotations-26.6.0.jar'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not download databinding-common.jar (androidx.databinding:
It looks like a certificate error from Java, it cannot validate HTTPS certificate when attempting to download .jar dependencies, please try the following:
Make sure you have imported the public certificate of the target instance into the truststore according to the Connecting to SSL Services instructions.
Make sure any certificates have been imported into the correct truststore; you may have multiple JRE/JDKs. Try reinstalling Java for this.
Check to see that the correct truststore is in use. If -Djavax.net.ssl.trustStore has been configured, it will override the location of the default truststore, which will need to be checked.
If this error results while integrating with an LDAP server over LDAPS and there is more than one LDAP server, then deselect the Follow referrals option within the LDAP user directory configuration per Connecting to and LDAP Directory. Optionally, import the SSL certificates from the other LDAP servers into the Confluence truststore.
Check if your Anti Virus tool has "SSL Scanning" blocking SSL/TLS. If it does, disable this feature or set exceptions for the target addresses (check the product documentation to see if this is possible.) If connecting to a mail server, such as Exchange, ensure authentication allows plain text.
Verify that the target server is configured to serve SSL correctly. This can be done with the SSL Server Test tool. If all else fails, your truststore might be out of date. Upgrade Java to the latest version supported by your application.
Source: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html
i am using smack 4.2.1 to connect xmpp server ,but when i run the code ,the server response the message below.
i really know that the error caused by tsl/ssl config.but i dont know how to solve.
XMPPTCPConnectionConfiguration conf = XMPPTCPConnectionConfiguration.builder()
.setXmppDomain("404.city").setUsernameAndPassword("xx", "xxxx")
.setCompressionEnabled(false)
.setSecurityMode(ConnectionConfiguration.SecurityMode.required)
.build();
XMPPTCPConnection connection = new XMPPTCPConnection(conf);
connection.connect();
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
at java.lang.Thread.run(Thread.java:745)
i fix it by myself....
i should set a SSLContext to the config
I am in a company, and need set proxy to connect to the Internet. The proxy setting is ok, because I can connect to other website, e.g. Neon - http://download.eclipse.org/releases/neon, but not for http://aws.amazon.com/eclipse.
The error message is:
Unable to read repository at
https://aws.amazon.com/eclipse/content.xml. Unable to read repository
at https://aws.amazon.com/eclipse/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target.
The specific stack is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:394)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 26 more
This is because java is not recognizing root certificate authority (CA) SSL certificate of https://aws.amazon.com.
Solution is to add that certificate to java cacerts file so that it got permanently accepted.
Step 1 : Get root certificate of https://aws.amazon.com
CHROME BROWSER
Open https://aws.amazon.com
Select Inspect from context menu(right clicking on page) and navigate to security tab
Click on view certificates
Click on top most certificate on hierarchy and confirm it is tailed with Root CA phrase.
drag and drop that image which you saw written certificate on desktop.
FIREFOX BROWSER
Open https://aws.amazon.com
click on the green lock button "show certificate"
tab "details", "export"
Thats it! you got your root certificate!
Step 2 : Get that certificate added to java cacerts file.
use keytool.exe inside your jre bin folder.
fire following command to place your certificate inside cacerts file
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file
/PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore
/PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit
That is it! you got your problem resolved.
PLEASE NOTE
Do confirm that the jre which is giving you this PKIX error(JRE used by eclipse or your app after deployment) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.
Go to Eclipse -> Window -> Preferences -> Network Settings
Change Active Provider to Direct
Save
Go back to Install Software
Try again to pull from AWS Repo
This time it will work
Just flow the below steps in eclipse,
1) go to windows -> preference - > search for network connections
2) Change the active provider to direct.
Then try install software in eclipse and search for http://aws.amazon.com/eclipse.
It will work.
Try changing the Window/Preferences/Network settings from Native to Direct.
Launch eclipse from CLI using "eclipse.exe -clean"
Retry the update
I'm trying to use the eGerrit Eclipse Plugin (https://www.eclipse.org/egerrit/) for connecting to my gerrit server out of Eclipse. Everytime I try to connect I get an error that my URL (https://gerrit.isys-software.de) is not valid. But I'm quite sure that the URL is valid, because I can call it in the browser without problems. Does someone use the eGerrit Plugin an can give me some advice?
Thanks in advance :)
I've solved the problem. The certificate couldn't be verified, following error was found in Eclipse-Log:
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at
sun.security.validator.PKIXValidator.doBuild(Unknown Source) at
sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at
sun.security.validator.Validator.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at
org.apache.http.conn.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:190) at
sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 84 more
Next step: Added the server certificate to a custom truststore via console:
keytool.exe -import -alias <alias> -file <path-to-certificate> -keystore <path-to-truststore>
After I started Eclipse with 2 truststore parameters, the connection could be established without problems.
-Djavax.net.ssl.trustStore=<path-to-truststore>
-Djavax.net.ssl.trustStorePassword=<password>
I upgraded my GWT project with CAS. When I test it in dev mode, it works fine. Now I wanted to deploy my project to tomcat. When I'm running it, I can reach the CAS server. But when the CAS server directs me back to my webapp, I'm getting this error.
HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
type Exception report
message javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
description The server encountered an internal error that prevented it
from fulfilling this request.
exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)
org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:62)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110)
root cause
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:281)
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)
org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:62)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110)
root cause
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
sun.security.validator.Validator.validate(Validator.java:260)
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:281)
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)
org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:62)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110)
root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
sun.security.validator.Validator.validate(Validator.java:260)
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:281)
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)
org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:62)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110)
note The full stack trace of the root cause is available in the Apache
Tomcat/7.0.37 logs. Apache Tomcat/7.0.37
Can't figure out how to fix it.
I'm assuming you enabled https=true in deployDescriptor.xml. Inorder to make CAS work with HTTPS you have to create one keystore file
Creating a Keystore File