0
 Downloading https://services.gradle.org/distributions/gradle-2.12-bin.zip

 Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Similar issue to this:

gradlew.bat (and gradlew) SSLHandShakeException

Except I only get this exception when executing via the wrapper? (Installed local gradle command works without any problems.) I tried the solutions suggested and just cannot get it to work. I even downloaded and installed the certificate from https://services.gradle.org/distributions/ in cacerts

 keytool -import -file "C:\tmp\gradlew.x509.base64.cer" -alias gradle -keystore "C:\Apps\java\jre\lib\security\cacerts"

I got the command from the wrapper:

 java -Dorg.gradle.appname=gradlew -classpath "C:\mystuff\gradle-2.12\samples\java\multiproject\\gradle\wrapper\gradle-wrapper.jar" org.gradle.wrapper.GradleWrapperMain clean

My guess is maybe something is wrong with the certificate itself or maybe I am using the wrong encoding?

 $ java -version
 Picked up _JAVA_OPTIONS: -Xmx512M
 java version "1.7.0_25"
 Java(TM) SE Runtime Environment (build 1.7.0_25-b17)
 Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)

To complicate this, I tried installing certificate from gradle using the method suggested here, which appears to have worked (according to output)

http://infposs.blogspot.ca/2013/06/installcert-and-java-7.html

But when I run the wrapper, I still get the same error.

Community
  • 1
  • 1
niken
  • 2,499
  • 3
  • 33
  • 56

1 Answers1

0

I do not know a lot about SSL certs, but I noticed that when I try to install cert for the url above, 2 certificates are actually returned... Taking a closer look at the java code in InstallCert.java I noticed that it only installs (naively?) the 1st certificate.

I changed the code in InstallCert.java (added a for loop) and viola, the certificate was installed and gradle and java were happy to exchange handshakes and everyone lived happily ever after.

Here's the code I changed

for (int i = 0; i < chain.length; i++) {

    final X509Certificate cert = chain[i];
    final String alias = host + "-" + (i + 1);
    ks.setCertificateEntry(alias, cert);

    final OutputStream out = new FileOutputStream(file);
    ks.store(out, passphrase);
    out.close();

    System.out.println();
    System.out.println(cert);
    System.out.println();
    System.out.println(
            "Added certificate to keystore 'cacerts' using alias '"
                    + alias + "'");
 }

It goes at the end of the main function where the actual keystore methods are called.

So if you make the modification above to InstallCert.java, solution is pretty simple:

javac InstallCert.java
java InstallCert services.gradle.org

By the way what led me to investigate this avenue is when I ran the client against an older version of java (1.6 I think), it spit out the following error:

    java.security.cert.CertPathValidatorException: The certificate issued by ... is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error
niken
  • 2,499
  • 3
  • 33
  • 56