
I'm currently representing a colleague on vacation. One of the applications he was in charge of has been reporting the following error for a few days.

Error: IOException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I did some research and found out that it might be related to a self-signed certificate which is not found in the trust store.

But since I haven't changed anything and everything worked fine before, can it be that the certificate has expired? Can an expired certificate produce such an error message? If so, can I somehow determine the expiration date from a key store file?

Karol Dowbecki
Trillian

1 Answer


It doesn't look like an expired certificate. Based on this question, an expired certificate should produce a CertPathValidatorException: timestamp check failed message, e.g.:

qtp1735121130-17, handling exception: javax.net.ssl.SSLHandshakeException:
   sun.security.validator.ValidatorException: PKIX path validation failed:
   java.security.cert.CertPathValidatorException: timestamp check failed

You can take a look at the How to Analyze Java SSL Errors article to see what else you can do; it boils down to using the -Djavax.net.debug option and analyzing the logs.

I'd start by comparing the self-signed certificate in the trust store against the one that is actually used in the environment. Self-signed certificates are easy to issue; perhaps someone has issued a new version.

Karol Dowbecki
  • Thank you for your answer and the recommended links. Since the info "timestamp check failed" is missing, it will not be the expiration date, I think. I will investigate it further and in case of success post the solution. It will probably take a while because I'm neither so experienced in Java nor in security issues. – Trillian Jul 17 '19 at 13:15
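
An added example, not part of the original question, answer or comment: one way to carry out both checks discussed above, reading the expiration dates out of a key store or trust store file and comparing its certificates against the chain the server actually presents. The class name `TrustStoreCheck` and the four command-line arguments (store path, store password, host, port) are assumptions made for this illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical diagnostic. Usage: java TrustStoreCheck <truststore> <password> <host> <port>
public class TrustStoreCheck {
    static String sha256(Certificate c) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] a) throws Exception {
        // 1. List every certificate in the store with its validity end date.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(a[0])) { ks.load(in, a[1].toCharArray()); }
        Map<String, String> trusted = new HashMap<>(); // SHA-256 fingerprint -> alias
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            trusted.put(sha256(c), alias);
            System.out.printf("store  %-20s notAfter=%s expired=%b%n", alias, c.getNotAfter(), c.getNotAfter().before(new Date()));
        }
        // 2. Capture the chain the server presents. This trust manager accepts anything
        //    so the handshake completes; use it for inspection only, never for real traffic.
        X509Certificate[][] seen = new X509Certificate[1][];
        TrustManager capture = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String t) {}
            public void checkServerTrusted(X509Certificate[] chain, String t) { seen[0] = chain; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { capture }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(a[2], Integer.parseInt(a[3]))) {
            s.startHandshake();
        }
        // 3. For a self-signed certificate, "NOT in store" means the trusted copy differs from the one now served.
        for (X509Certificate c : seen[0]) {
            String alias = trusted.get(sha256(c));
            System.out.printf("server %s notAfter=%s -> %s%n", c.getSubjectX500Principal().getName(), c.getNotAfter(), alias != null ? "in store as " + alias : "NOT in store");
        }
    }
}
```

If the server sends a CA-issued chain without its root, a "NOT in store" line for the leaf is expected; in that case check whether the issuing CA appears among the `store` lines instead.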