I am totally new to web services. I am trying to connect through an SSL connection. I followed this site: SSLHandshakeException: PKIX: unable to find valid certification path to requested target, and this thread: How to solve javax.net.ssl.SSLHandshakeException Error?, and I added the certificate to the keystore as follows:

keytool -importcert -alias <some name> -file <Certificate path> -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit

and I checked that it exists by using the keytool -list command.

The problem is that I got this error message when I try to connect through SSL in the application:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I also tried to add the trustStore location and password in the application as follows:

System.setProperty("javax.net.ssl.trustStore","C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");  

But I still got the same error.

I am using JDeveloper 11g R1 and JDK 7, if that helps.


Update:

After further reading, some solutions said I need to make this path:

C:\Program Files\Java\jdk1.7.0_09\jre\lib\security\cacerts

the truststore.

I replaced the above Java statements as follows:

System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\Java\\jdk1.7.0_09\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); 

But I am still getting the same error!

Salman
  • possible duplicate of [Getting error: PKIX path building failed: unable to find valid certification path to requested target](http://stackoverflow.com/questions/17388279/getting-error-pkix-path-building-failed-unable-to-find-valid-certification-pat) – Warren Dew Apr 20 '14 at 16:37
  • @WarrenDew I already did that as I described in the question – Salman Apr 21 '14 at 06:49
  • Setting javax.net.ssl.trustStore to the JRE default is what already happens by default. You don't need to do it at all. As long as you imported the certificate into the correct cacerts file, and told the keytool to trust it as a CA certificate, it should work. – user207421 Apr 21 '14 at 07:15

1 Answer

After I got the certificate from the third party I did the following:

  1. Adding the certificate to the trusted root certificates in the browser, with the Server Authentication check from the advanced options.

  2. Adding the certificate to the trusted certificates using the keytool options in the command prompt; refer to this link: Resolving javax.net.ssl.SSLHandshakeException for more information.

After a long search, I found the causes of the problem "unable to find valid certification path to requested target" to be as follows (note: that's what I found; there may be more):

a. There are missing intermediate certificates that were not added.

To solve this issue you need to add the root certificate, and all the others will be added by default. To find out the certificates used by your third party, refer to the following links. Basically, the proposed solution will provide you with a Java class called (InsertCert.java) that will provide you with the certificates used by the server. What you need to do is pass the host name as a parameter. Find the details in the following links:

b. You are adding the certificate to the wrong cacerts file.

To solve this issue, refer to the same Java class mentioned earlier (InsertCert.java), and it will provide you with the correct cacerts path. In my case I am using JDeveloper 11.1.1.7 and the path is:

C:\Oracle\Middleware\JDeveloper\JDeveloper11117\jdk160_24\jre\lib\security\cacerts
Salman
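To check cause (b) from the answer above, the following added example (not part of the original answer, and not the InsertCert.java class it mentions) prints which trust store file the running JVM loads by default and whether a given alias is a trusted entry in it. It assumes the default changeit password shown in the question; the class name TrustStoreCheck is made up for this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

// Added example, not from the original post. Run it with the same JVM that runs
// the failing application (for example from inside the IDE), not a different JDK.
public class TrustStoreCheck {
    // Resolve the trust store the way JSSE does by default:
    // the javax.net.ssl.trustStore property, else jssecacerts, else cacerts.
    static File effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null && prop.length() > 0) {
            return new File(prop);
        }
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File store = effectiveTrustStore();
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + store.getAbsolutePath());
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        // Assumption: the default cacerts password used in the question.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(store);
        try {
            ks.load(in, pass.toCharArray());
        } finally {
            in.close();
        }
        System.out.println("entries     : " + ks.size());
        if (args.length == 0) {
            return; // no alias given: only report which file is in use
        }
        // args[0] is the alias that was passed to keytool -importcert.
        if (!ks.isCertificateEntry(args[0])) {
            System.out.println("alias '" + args[0] + "' is NOT a trusted entry in this file");
            return;
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[0]);
        System.out.println("subject     : " + cert.getSubjectX500Principal());
        System.out.println("issuer      : " + cert.getIssuerX500Principal());
        // Subject equal to issuer means a self-issued certificate (normally a root).
        System.out.println("self-issued : " + cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()));
    }
}
```

If the printed trust store path differs from the file that was given to keytool, the import went into a cacerts file this JVM never reads.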