1

I need to consume some HTTPS web services. To use the certificate, I'm setting (javax.net.ssl) trustStore, trustStorePassword, keyStore and keyStorePassword properties through the System.setProperty.

If I do new URL([HTTPS...WSDL]).openStream(), it works. So, I'm sure that trust and keystore properties are ok (without setting those properties, my routine failed).

The problem is when I try to consume the service, I'm getting the famous

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

exception.

Anyone have an idea of what I need to do? Thanks a lot.

Raedwald
  • 46,613
  • 43
  • 151
  • 237
bruno.zambiazi
  • 1,422
  • 14
  • 19
  • Check this post https://stackoverflow.com/questions/7709540/how-to-solve-sun-security-provider-certpath-suncertpathbuilderexception – ChristofferPass May 05 '15 at 21:46
  • Does your trust store include the whole certificate chain of the server certificate (CA->(intermediate)->server cert)? Have you tried without setting the truststore and truststorepass explicitly, i.e. defaulting to the `cacerts` truststore that ships with the JRE? You shouldn't need to specify a truststore if the CA of the server certificate is "well-known". – Mick Mnemonic May 05 '15 at 21:54

1 Answers1

0

There are three possible failures:

  1. You are using a self-signed certificate.
  2. Your certificate has been signed by a common CA (Certificate Authority) using an intermediate certificate, but their intermediate certificate is not served by your web server.
  3. Both the server certificate and the CA intermediate certificate are served by your web server, but the Java truststore does not contain the root certificate.

To solve the last step use: Import CA root cert

user6418193
  • 38
  • 6