Spring Boot - Unable to find valid certification path to requested target error even after adding the cerficates to keystore

Question

I am developing a REST API using Spring Boot and trying to connect to an SSO(https) on my network. Everything worked fine until the ssl cerificate on the SSO was recently updated. Now I keep getting the following error.

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_121]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_121]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_121]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_121]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_121]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_121]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_121]
    ... 90 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_121]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_121]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_121]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[na:1.8.0_121]
    ... 96 common frames omitted

I have looked at other answers ans 1, ans 2 for the same problem and I have tried to add all the cerificates in the chain to keystore and it is still giving me the same exception. I have restarted the pc several times now.

When I check the keystore using list command I can see my ceritficates are present in the list but it still doesnt work.

So what am I doing wrong?

I am using Spring Boot 2.3.3 on Intellij IDEA 2020.2 and everything worked fine, even the SSO was validating the tokens but recently the SSO's ssl certifcate was updated. It is a self-signed certificate from Lets Encrypt. But I am not sure how that could be a problem since the previous certificate was also from Lets Encrypt.

What about the browser? Does it recognize the endpoint as having valid certificate? Make sure it is not expired or something. — Boris Strandjev, Oct 05 '21 at 04:28
Yes the browser recognize it just fine. Its java that doesnt recognize it — Charlie, Oct 05 '21 at 04:30
You can try letting java print the keystore it is using. maybe it is using a different keystore. (that was one problem I had in the past...) — Stephan Stahlmann, Oct 05 '21 at 05:07
@StephanStahlmann I did using -Djavax.net.debug=all. And the SSO certificate is in there along with other certs in the chain — Charlie, Oct 05 '21 at 06:07

Spring Boot - Unable to find valid certification path to requested target error even after adding the cerficates to keystore

0 Answers0