1

SOLVED - I solved it by copying my cacerts file from my windows machine to the pi.

I'm writing an application to get a json string from a webserver using long polling, The application ran fine on my windows machine where I was developing. I then moved the source to a raspberry pi and compiled it and now it is throwing this exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
            at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
            at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
            at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
            at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1511)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
            at VideoBoard.main(VideoBoard.java:29)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
            at sun.security.validator.Validator.validate(Validator.java:260)
            at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
            at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
            at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
            at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
            ... 13 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
            ... 19 more

My website is hosted by GoDaddy and they also are supplying the SSL certificate. There are no issues when accessing the site from my desktop through the browser or java and all indications show that the SSL certificate is valid and trusted by my machine.

James
  • 110
  • 9
  • URLConnection connection = new URL(url + "?" + query).openConnection(); connection.setRequestProperty("Accept-Charset", charset); InputStream response = connection.getInputStream(); – James Aug 28 '15 at 19:42

1 Answers1

1

The OS you're using on the Raspberry Pi doesn't have a trusted certificate in the certificate path of the one you're using on your server. In other words, the Pi doesn't know to trust that your server is what it says it is.

To fix this, you need to install GoDaddy's root certificate on your Pi. If you're using Raspbian or another Debian-derived OS, here is a good write up on how to do this, and here is GoDaddy's certificate repository.

F. Stephen Q
  • 4,208
  • 1
  • 19
  • 42
  • I've installed 3 certificates that seem to make the most sense and still no luck. – James Aug 28 '15 at 19:43
  • Can you try opening your browser, navigate to your site, and click on the lock icon in the address bar, and look to see which certificate authority your certificate is verified by? And I'm sorry, that first link was a little unclear; are you putting the certificates in a new directory in `/usr/local/share/ca-certificates/` and then running `sudo update-ca-certificates`? – F. Stephen Q Aug 28 '15 at 20:01
  • /usr/local/share/ca-certificates/godaddy.org$ ls gd-class2-root.crt gdig2.crt gdroot-g2.crt – James Aug 28 '15 at 20:07
  • I would try grabbing gd_intermediate.crt as well. – F. Stephen Q Aug 28 '15 at 20:14
  • I added that one, I also used windows/chrome to export the certificates and put them in as well... Still nothing. – James Aug 28 '15 at 20:22
  • I think I've found the answer on [another post](http://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore); hope it helps – F. Stephen Q Aug 28 '15 at 20:24
  • 1
    I solved it by copying my cacerts file from my windows machine to the pi. – James Aug 28 '15 at 20:43
  • Glad to hear it got sorted out! – F. Stephen Q Aug 28 '15 at 20:51