I am making a post request using a restTemplate and I am getting the following error: unable to find a valid certification path to requested target
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transformToListClass': Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
And my method below:
public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
try {
ImageDescriptor descriptor = new ImageDescriptor();
String myEUrl = "https://emploenefitsdev/rion/v1/rion/";
String eURL = myUrl.concat(Constant.F_SLASH).concat(templateName);
log.info("payload" + payLoad);
ResponseEntity<Resource> responseEntity = restTemplate.exchange(
eURL,
HttpMethod.POST,
niService.getStringHttpEntityWithPayload(payLoad),
Resource.class);
log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());
convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");
log.info("file is:"+ convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));
return descriptor;
} catch (IOException e) {
e.printStackTrace();
log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
throw new RuntimeException(e);
}
}
The request is failing while making a connection from client to the server. The reason behind the failure is client inability to validate the server's identity/certificate. During the client-server handshaking process, the client needs issuer/root certificates to validate the server's identity. Most of the root certificates issued from well-known trusted authorities are shipped with the JDK, and present in the Keystore file, called cacerts.
Let's talk about your case. It could potentially fall into one of the following categories.
Server is using certificate issued from the certificate authority whose root and intermediate certificates are not present in the JDK.
Server is using a certificate issued from in house CA.
Server is using a self-signed certificate.
You need to add the root and intermediate certificates to the java cacerts key store.
One way to obtain the root and intermediate certificates by visiting the server site in the browser. Click on the secure lock pad in the url bar and explore the certificate option. You need to export the root and intermediate certificate by using the copy option and save the cert file on your system.
Go to the location eg: C:\Program Files\Java\jdk1.8.0_121\jre\lib\security where the cacerts is present and open the command prompt to execute the following command.
keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts
The default password is changeit
If cacerts include the Root CA certificate and still you see the error, ensure that your java program is picking up the correct keystore. It can happen that it is picking up another keystore other than cacerts.
Related
As the title says trying to connect but I get the following error.
Failed to authenticate the user ************* in Active Directory (Authentication=ActiveDirectoryPassword). javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I'm using DBeaver in this case. But this occurs in code too.
Here's what I've tried.
Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
I've replaced my cacerts file with a coworkers who's connection works without issues.
DBeaver has its cacerts within program files and I've replaced this too and tried.
I've tried the "trust server certificate" option too.
I've added Microsofts TSL1/TSL2 certificates too (https://www.microsoft.com/pki/mscorp/cps/default.htm)
Also a certificate for the server itself.
Had JDK 17 deleted it updated to JDK 19, replaced carcerts.
I'm new to Java, so anything helps.
I have a third party certificate installed in my %JAVA_HOME%/jre/lib/security/cacerts file. I have written a local test program to test that this is imported well and I receive the reply as expected.
When running the program from tomcat I receive an error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any recommendations?
I'm trying to add a self-signed certificate to my java keystore. When I list all the certificates, it's also there, so it must have been saved. However, when I try to make a request in my class, I still get the exception:
Caused by: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
I have tried to replace the certificate but it doesn't change anything.
My company keeps the Maven dependencies on a server that has an invalid SSL certificate. We must use https to connect. When I try to run Maven, it cannot download the resources.
I know the name of the site I am trying to go to. I'd be happy to either add a security exception for the site, or just shut off all the validation of ssl certificates so that all https sites will be considered valid.
I am using Maven 3.0.4.
Here are some highlights of the stack trace when I try to build:
Caused by: org.sonatype.aether.transfer.ArtifactTransferException: Could not transfer artifact
org.apache.maven:maven-plugin-api:pom:2.0.6 from/to NexusExternal (<code>https</code>:
//mydumbcompanysbrokensite:8443/nexus/content/groups/public):
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target
...
Caused by: org.apache.maven.wagon.TransferFailedException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target
You can simply disable Maven SSL validation by adding these options to the command line :
-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
Connecting to the LDAP server over TLS fails with the exception
org.springframework.ldap.UncategorizedLdapException: Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:155)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:109)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
I have checked the appropriate certificates are present in my key store and imported missing ones as described in PKIX path building failed while making SSL connection however I am still getting the exception. Any ideas?
Thanks,
Nigel
The problem is with the certificates produced by LDAP servers, this has been verified and issue now resolved.