0

I'm reviewing a training project - working with a mail server gmail.com. An error occurred at startup:

Failed receive: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

On this site I found instructions on how to connect the certificate: PKIX path building failed” and “unable to find valid certification path to requested target I'm reviewing a training project - working with a mail server gmail.com. An error occurred at startup:

Failed receive: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target On this site I found instructions on how to connect the certificate: PKIX path building failed” and " unable to find valid certification path to requested target

I did everything according to the instructions:

  1. In chrome, I downloaded the certificate from this site, saved it to the mg mail.cer file

  2. I connected it with the command

    keytool -import -alias gmail -keystore c:\Development\Java\jdk11\lib\security\cacerts -file m gmail.com

  3. I overloaded the computer, but the error still remains

  4. I check with the command

    keytool -list -trustcacerts -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit the certificate is in the list:

    mgmail, 2 февр. 2021 г., trustedCertEntry, Certificate fingerprint (SHA-256): 9A:63:32:BE:95:...

What did I miss?

alex
  • 324
  • 1
  • 8
  • 28

2 Answers2

1

According to this error, It seems like you haven't imported the full cert chain to the trust store (root, intermediate and leaf certs).

enter image description here

In Firefox, You can easily download the full certificate chain. Then please import all 3 certificates to your trust store.

Shanaka Sandanayaka
  • 21
  • 1
  • Downloaded the entire certificate chain. I connected them. It's still the same mistake. I don't understand what else needs to be done? – alex Feb 06 '21 at 09:50
  • Thing is if you import certificate chain to the trust store, It will only import the first certificate of the chain. instead, Please download 3 certificates separately and import them one at a time to the keystore. Then you might have to restart your application to get this change effect, And also, Please verify whether the certificate was successfully imported using the "keytool -list" command – Shanaka Sandanayaka Feb 07 '21 at 10:26
  • I don't understand how you can download a certificate chain with different files. I go to the certificates page in FireFox. And there you can download either a certificate or a chain of certificates in one file. – alex Feb 09 '21 at 08:42
  • I copied three certificates from the google site. They had the same names, but different sizes. I connected all three certificates. It's still the same error. – alex Feb 09 '21 at 10:30
0

I am not sure while importing the cerficate specifying the alias matters, i tried below and its working for me.

1). Use git bash command line tool(if you are in windows) $ echo | openssl s_client -connect smtp.gmail.com:465 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > yourcert.pem

2). Now copy the certificate to JDK\bin directory or specify the location of your certificate file and execute the below command in Administrator mode.

C:\Program Files\Java\jdk-11\bin>keytool -import -alias smtp.gmail.com -keystore "C:\Program Files\Java\jdk-11\lib\security\cacerts" -file yourcert.pem

Sandeep Dm
  • 1