I have a problem. I got SSL exception constantly. I did configure these things:
- Already added cert file into java cacerts
- Already added SSL config on my Spring boot project
but I got SSL exception when I attempt to call external API from spring boot project.
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Apr 02 10:04:44 java[13294]: at sun.security.ssl.Alert.createSSLException(Alert.java:131) Apr 02 10:04:44 java[13294]: at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) Apr 02 10:04:44 java[13294]: at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) Apr 02 10:04:44 java[13294]: at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) Apr 02 10:04:44 java[13294]: at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) Apr 02 10:04:44 java[13294]: at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) Apr 02 10:04:44 java[13294]: at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) Apr 02 10:04:44 java[13294]: at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) Apr 02 10:04:44 java[13294]: at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) Apr 02 10:04:44 java[13294]: at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) Apr 02 10:04:44 java[13294]: at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) Apr 02 10:04:44 java[13294]: at sun.security.ssl.SSLTransport.decode(SSLTransport.java:149) Apr 02 10:04:44 java[13294]: at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143) Apr 02 10:04:44 java[13294]: at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054) Apr 02 10:04:44 java[13294]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394) Apr 02 10:04:44 java[13294]: at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) Apr 02 10:04:44 java[13294]: at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) Apr 02 10:04:44 java[13294]: at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340) Apr 02 10:04:44 java[13294]: at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315) Apr 02 10:04:44 java[13294]: at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264) Apr 02 10:04:44 java[13294]: at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:104) Apr 02 10:04:44 dbx-gauli java[13294]: ... 124 more Apr 02 10:04:44 java[13294]: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Apr 02 10:04:44 java[13294]: at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456) Apr 02 10:04:44 java[13294]: at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) Apr 02 10:04:44 java[13294]: at sun.security.validator.Validator.validate(Validator.java:271) Apr 02 10:04:44 java[13294]: at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315) Apr 02 10:04:44 java[13294]: at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223) Apr 02 10:04:44 java[13294]: at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) Apr 02 10:04:44 java[13294]: at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) Apr 02 10:04:44 java[13294]: ... 140 more Apr 02 10:04:44 java[13294]: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Apr 02 10:04:44 java[13294]: at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) Apr 02 10:04:44 java[13294]: at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) Apr 02 10:04:44 java[13294]: at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) Apr 02 10:04:44 java[13294]: at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
My Java config looks like that:
SSLContext sslContext = SSLContext.getInstance("SSL");
// set up a TrustManager that trusts everything
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
System.out.println("getAcceptedIssuers =============");
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkClientTrusted =============");
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkServerTrusted =============");
}
} }, new SecureRandom());
SSLSocketFactory sf = new SSLSocketFactory(sslContext);
Scheme httpsScheme = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(httpsScheme);
