1

Where I run the below code I get the error: 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have tried to add the Certificate to the CAcerts keystore for the JDK but with no change in the error. Is their anyway to figure out what keystore it is reading from? Or is this problem something else?

public static void main(String args[]) throws Exception {

        SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance();
        SOAPConnection soapConnection = soapConnectionFactory.createConnection();


        String url = "https://www.mywebservice.com/ws";


    SOAPMessage soapResponse = soapConnection.call(createSOAPRequest(),url);



        // print SOAP Response
        System.out.print("Response SOAP Message:");
        soapResponse.writeTo(System.out);

        soapConnection.close();


    }

Thank you and I will happily provide any other details required.

Ant s
  • 31
  • 1
  • 1
  • 5
  • Possible duplicate of [Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target](https://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find) – Vladislav Kysliy May 22 '18 at 10:09

3 Answers3

3

You have to add the server certificate, or the root CA to the truststore used by JDK. By default is used jre/lib/security/cacerts.

If you already imported the server certificate, then verify that you are actually using the correct JDK, or the certificate is successfully imported. You can use a GUI tool like http://www.keystore-explorer.org/ or use keytool

You can also use your own trustore (recommended) using a JKS file which includes the server certificate. Configure the usage in this way

System.setProperty ("javax.net.ssl.trustStore", path_to_your_trustore_jks_file);
System.setProperty ("javax.net.ssl.trustStorePassword", "password");
pedrofb
  • 37,271
  • 5
  • 94
  • 142
  • thanks this definitely helped me. i am try to run soap service using java, while doing so i had to configure these properties: `System.setProperty ("javax.net.ssl.trustStore", "C:\\Users\\username\\My Softwares\\my cacerts\\cacertscopy"); System.setProperty ("javax.net.ssl.trustStorePassword", "changeit"); System.setProperty ("javax.net.ssl.trustStoreType","JKS");` and I also download keystore from the KEYSTORE.ORG and imported certificate of our server. It is better to make another copy of cacerts file and save it under working project. – MKod Jul 09 '18 at 12:55
0

I get a similar exception when trying to install a fresh copy of Eclipse on my work computer. I clicked the INSTALL button in the Eclipse Installer app and it starts and then fails.

Here's is a summary of the chain of the exceptions I see once I review the error log generated after I clicked INSTALL button:

[2023-04-06 18:25:37] Executing bootstrap tasks
[2023-04-06 18:25:37] OpenJDK Runtime Environment 17.0.6+10
[2023-04-06 18:25:37] Product org.eclipse.products.epp.package.java.2023-03
[2023-04-06 18:25:37] Bundle org.eclipse.oomph.setup 1.26.0.v20230203-1538, build=5840, branch=232d5d6b465d15aa8cd333d7222eabc545dd1478
[2023-04-06 18:25:37] Bundle org.eclipse.oomph.setup.core 1.26.0.v20230204-0932, build=5840, branch=232d5d6b465d15aa8cd333d7222eabc545dd1478
[2023-04-06 18:25:37] Bundle org.eclipse.oomph.setup.p2 1.19.0.v20220607-1104, build=5840, branch=232d5d6b465d15aa8cd333d7222eabc545dd1478
[2023-04-06 18:25:37] Performing P2 Director (Eclipse IDE for Java Developers (2023-03))
...
[2023-04-06 18:25:37] Requirement org.eclipse.equinox.p2.iu:org.eclipse.wildwebdeveloper.xml.feature.feature.group
[2023-04-06 18:25:37] Requirement org.eclipse.equinox.p2.iu:org.eclipse.oomph.setup.feature.group
[2023-04-06 18:25:37] Repository https://download.eclipse.org/technology/epp/packages/2023-03/202303091200
[2023-04-06 18:25:37] Repository https://download.eclipse.org/releases/2023-03/202303151000
[2023-04-06 18:25:37] Repository https://download.eclipse.org/oomph/updates/milestone/latest
[2023-04-06 18:25:39] ERROR: org.eclipse.equinox.p2.transport.ecf code=1002 Unable to read repository at https://download.eclipse.org/technology/epp/packages/2023-03/202303091200/content.xml.
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at java.base/sun.security.validator.Validator.validate(Unknown Source)
  at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at
java.base/sun.security.validator.Validator.validate(Unknown Source)
Ricardo Parada
  • 1
0

If you are using Zscaler, download ZscalerRootCA.crt certificate from browser and apply it to cacerts file for your jdk. Open CMD with admin rights and run keytool command in your jdk folder as below.

C:\Program Files\Java\jdk-20\lib\security>keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias ZscalerRootCA -file ZscalerRootCA.crt
Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Mesut
  • 36
  • 3