0

I am getting a javax.net.ssl.SSLHandshakeException when using the DocuSign API handshake.

Trying to use the DocuSign API login samples gives a cert error.

The following code is a sample from DocuSign. It sets up a Signer and DocuSign Configuration object. When doing the setDefaultApiClient call, the error is generated.

Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: jav ax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKI X path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti on: unable to find valid certification path to requested target at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle (URLConnectionClientHandler.java:155) at com.sun.jersey.api.client.Client.handle(Client.java:652) at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509) at com.docusign.esign.client.ApiClient.getAPIResponse(ApiClient.java:563) at com.docusign.esign.client.ApiClient.invokeAPI(ApiClient.java:595) at com.docusign.esign.api.AuthenticationApi.login(AuthenticationApi.java:156)

Added

// initialize the api client ApiClient apiClient = new ApiClient();  
apiClient.setBasePath(BaseUrl); // create JSON formatted auth header   
String creds = "{\"Username\":\"" + UserName + 
   "\",\"Password\":\"" + Password + "\",\"IntegratorKey\":\"" +
   IntegratorKey + "\"}"; 
apiClient.addDefaultHeader("X-DocuSign-Authentication", creds);
System.out.println("assign api client to the Configuration object ");
Configuration.setDefaultApiClient(apiClient); }
Ishaan Javali
  • 1,711
  • 3
  • 13
  • 23
Tom Larson
  • 1
  • 1
  • Here is the code used to implement the docusign api call – Tom Larson Jul 25 '16 at 17:13
  • // initialize the api client ApiClient apiClient = new ApiClient(); apiClient.setBasePath(BaseUrl); // create JSON formatted auth header String creds = "{\"Username\":\"" + UserName + "\",\"Password\":\"" + Password + "\",\"IntegratorKey\":\"" + IntegratorKey + "\"}"; apiClient.addDefaultHeader("X-DocuSign-Authentication", creds); System.out.println("assign api client to the Configuration object "); Configuration.setDefaultApiClient(apiClient); } – Tom Larson Jul 25 '16 at 17:14
  • Welcome to StackOverflow! Just as a tip, you can edit your question so that all of your code is in the question. – Daniel M. Jul 25 '16 at 17:23
  • Welcome to StackOverflow! I copied your comment into your question. – Larry K Jul 26 '16 at 08:01
  • Please remember to upvote all useful answers (including those to others' questions), and to "check" the answer that best solves your question. – Larry K Jul 26 '16 at 08:11

1 Answers1

0

"unable to find valid certification path" means that you need to set up your Java stack with the "standard" set of trusted root certs.

What's happening: you're trying to make an SSL connection to DocuSign. As part of the SSL process, your machine has to determine if it trusts the far end (DocuSign in this case) or not.

To do so: your SSL stack tries to build a trust path from its trust store of root CA certs to the cert offered by DocuSign. But it can't since you haven't set up your trust store properly.

The usual "standard" set of trusted root certs are the ones that the Mozilla Firefox browser uses.

See https://curl.haxx.se/docs/caextract.html

How to load them into your Java stack as trusted certs is stack-dependent.

This SO question looks relevant but I'm not a Java guy. Ask another question if you can't figure it out.

Community
  • 1
  • 1
Larry K
  • 47,808
  • 15
  • 87
  • 140
  • I have added this to my cacerts store in my jre directory – Tom Larson Aug 05 '16 at 17:44
  • Added this to C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts store. Also added demo.docusign.net.crt, DocuSignCodeSigningPublicCertificate.cer, sso.docusign.net.crt to my cacerts store under my jdk. Calling my code with java -jar costco-docusigntest.jar -Djavax.net.debug=ssl:handshake Getting the following error. Exception in thread "main" – Tom Larson Aug 05 '16 at 17:51
  • Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: jav ax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKI X path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti on: unable to find valid certification path to requested target at com. .. at com.costco.docusign.CoreRecipes.main(CoreRecipes.java:1061) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable t . – Tom Larson Aug 05 '16 at 17:52