1

Recently we had an issue with one of our Java applications that was trying to run an SSL-protected web service of an Amazon load balancer, which had its certificate signed by GoDaddy. We did not copy and paste the contents of the public key certificate chain file (PEM-encoded) into the Certificate Chain box. Now we were seeing the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there a way to resolve this exception?

Munees Majid

1 Answer

1

This error means your Java keystore doesn't have the SSL certificate for the service you are trying to connect to. You need to add the public certificate of the GoDaddy/Intermediate CA to your Java keystore. You can use the keytool command for that.

coder
  • It is actually a **TrustStore** that he should import the certificate into. See the diff between KeyStore and TrustStore http://stackoverflow.com/questions/318441/truststore-and-keystore-definitions – Bimalesh Jha Sep 27 '13 at 09:16
  • Yes, TrustStore and KeyStore are logical names; the key store keeps pvt keys and the TrustStore contains public certs that the host server trusts. But the same store can be used both as keystore and truststore – coder Sep 27 '13 at 09:47
  • @coder you mean copy and paste the contents of the public key of the Intermediate certificate (PEM-encoded) in the Certificate Chain box? A keystore contains private keys, and the certificates with their corresponding public keys. We can only add these private keys and public keys into Amazon EC2. – Munees Majid Sep 28 '13 at 04:42
  • 1
    Using a single file for both keystore and truststore is poor practice. One is very very private, the other is public. Don't conflate them. – user207421 Sep 28 '13 at 07:39
  • @muneesmajid: just to be clear, there is an Amazon load balancer web service that is accessible over SSL. You have a Java application running on some machine trying to access that web service and you are getting an SSL handshake exception for that. And sorry, I am not clear what the Certificate Chain box is? – coder Sep 28 '13 at 17:01
  • Now it is working after adding the public certificate of GoDaddy/Intermediate CA. – Munees Majid Oct 03 '13 at 05:20