getting certifiate isssue while triggering API::
javax.net.ssl|ERROR|01|main|2022-11-22 05:56:38.677 UTC|TransportContext.java:361|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Verified the certificate and enabled the ssl debug log, but unable to get the root cause
This question already has answers here:
"PKIX path building failed" and "unable to find valid certification path to requested target"
(53 answers)
Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
(33 answers)
PKIX path building failed: unable to find valid certification path to requested target
(11 answers)
How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
(10 answers)
PKIX path building failed in Java application
(6 answers)
Closed 8 months ago.
Edit please don't close it, see the link i added they did not solve my problem
I'm trying to solve the error I get on my server application while trying to connect using JDBC connection with SSL to An AWS-RDS
when i run my connection String using only these
params i get the PKIX error
?sslmode=verify-ca&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&ssl=true
So I've searched online and found multiple links
"PKIX path building failed" and "unable to find valid certification path to requested target"
PKIX path building failed: unable to find valid certification path to requested target
How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
PKIX path building failed in Java application
Following these links i tried adding all sort of parameters like:
these resources are located in my pod:
Downloaded from Amazon AES this resource: global-bundle.pem
and copied into my pod
sslrootcert=/opt/company/cert/global-bundle.pem
serverSslCert=/opt/company/cert/global-bundle.pem
these 2 certificates are injected from the cluster to my pods
sslkey=/etc/identity/ca/cacerts.pem
sslcert=/etc/identity/ca/security-ca.pem
all the combinations i tried resulted in the same error
org.postgresql.util.PSQLException: SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43)\
......
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)\n\t... 161 more\nCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)\n\t... 167 more\n"
I am making a post request using a restTemplate and I am getting the following error: unable to find a valid certification path to requested target
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transformToListClass': Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
And my method below:
public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
try {
ImageDescriptor descriptor = new ImageDescriptor();
String myEUrl = "https://emploenefitsdev/rion/v1/rion/";
String eURL = myUrl.concat(Constant.F_SLASH).concat(templateName);
log.info("payload" + payLoad);
ResponseEntity<Resource> responseEntity = restTemplate.exchange(
eURL,
HttpMethod.POST,
niService.getStringHttpEntityWithPayload(payLoad),
Resource.class);
log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());
convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");
log.info("file is:"+ convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));
return descriptor;
} catch (IOException e) {
e.printStackTrace();
log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
throw new RuntimeException(e);
}
}
The request is failing while making a connection from client to the server. The reason behind the failure is client inability to validate the server's identity/certificate. During the client-server handshaking process, the client needs issuer/root certificates to validate the server's identity. Most of the root certificates issued from well-known trusted authorities are shipped with the JDK, and present in the Keystore file, called cacerts.
Let's talk about your case. It could potentially fall into one of the following categories.
Server is using certificate issued from the certificate authority whose root and intermediate certificates are not present in the JDK.
Server is using a certificate issued from in house CA.
Server is using a self-signed certificate.
You need to add the root and intermediate certificates to the java cacerts key store.
One way to obtain the root and intermediate certificates by visiting the server site in the browser. Click on the secure lock pad in the url bar and explore the certificate option. You need to export the root and intermediate certificate by using the copy option and save the cert file on your system.
Go to the location eg: C:\Program Files\Java\jdk1.8.0_121\jre\lib\security where the cacerts is present and open the command prompt to execute the following command.
keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts
The default password is changeit
If cacerts include the Root CA certificate and still you see the error, ensure that your java program is picking up the correct keystore. It can happen that it is picking up another keystore other than cacerts.
I am getting below error while connecting Linux Oracle server from Windows in Java (JDBC), may I know how to solve this error.
java.sql.SQLRecoverableException: Io exception:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
Refer to the Security whitepaper for more information and instructions.
I have a third party certificate installed in my %JAVA_HOME%/jre/lib/security/cacerts file. I have written a local test program to test that this is imported well and I receive the reply as expected.
When running the program from tomcat I receive an error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any recommendations?