unable to find a valid certification path to requested target


You are making an HTTPS connection from the client to the server, and it is failing in the handshake process because the client needs to validate the server certificate. On the client side, you need the issuer certificate (Root CA) to validate the server certificate. Most root certificates already exist in the JDK. Root certificates are stored, by default, in a keystore file called cacerts. Here the server certificate is not issued by a certification authority, and the server is using either a self-signed certificate or a certificate issued by an in-house CA. You need to add the Root CA certificate to the Java cacerts keystore.

You can easily retrieve the Root CA certificate by visiting the server site in the browser. Click on the secure padlock in the URL bar and explore the certificate option. You need to export the Root CA certificate by using the copy option and save the cert file on your system.

Go to the location, e.g. C:\Program Files\Java\jdk1.8.0_121\jre\lib\security, where cacerts is present, and open the command prompt to execute the following command.

    keytool -import -alias aliasName -file pathToRootCA.crt -keystore cacerts

The password is changeit.


Author: san

Updated on March 28, 2021

Comments

  • san
    san about 3 years

    I am making a post request using a restTemplate and I am getting the following error: unable to find a valid certification path to requested target

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transformToListClass': Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    
    Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    
    Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    

    And my method below:

        public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
            try {
                ImageDescriptor descriptor = new ImageDescriptor();
    
                String myEUrl = "https://emploenefitsdev/rion/v1/rion/";
            String eURL = myEUrl.concat(Constant.F_SLASH).concat(templateName);
    
                log.info("payload" + payLoad);
    
                ResponseEntity<Resource> responseEntity = restTemplate.exchange(
                        eURL,
                        HttpMethod.POST,
                        niService.getStringHttpEntityWithPayload(payLoad),
                        Resource.class);
                log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
                descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());
    
                convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");
    
                log.info("file is:"+ convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));
    
    
                return descriptor;
            } catch (IOException e) {
                e.printStackTrace();
                log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
                throw new RuntimeException(e);
            }
        }
    
  • sakura
    sakura about 3 years
    In my case the server has a CA-signed certificate; why do I need to do this manually? Is there any option in Java code?
  • B.S
    B.S about 3 years
    If the client has the server's root and intermediate certificates, then instead of adding them to the Java default truststore, one can programmatically create a custom truststore in Java inside the app.
  • mekoda
    mekoda over 2 years
    This should be flagged as the answer. I've seen some responses about the same issue, but none of them were as clear as this one.
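
The in-app truststore mentioned in the comments, as an alternative to editing the JDK-wide cacerts file. This is an added example, not code from the answer or from any commenter: it loads the exported Root CA file into an in-memory truststore, prints each certificate's SHA-256 fingerprint so it can be checked against the value the CA owner publishes, and makes one HTTPS request with it. The class name and the two command-line arguments are assumptions.

```java
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import javax.net.ssl.*;

public class CustomTrustStoreExample {
    // Build an SSLContext that trusts only the CA certificates in caFile (PEM or DER).
    static SSLContext contextTrusting(String caFile) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start empty: the JDK's default roots are NOT included
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(caFile))) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                // Show what is about to be trusted; compare the fingerprint out of band.
                System.out.printf("trusting %s sha256=%s%n",
                        x.getSubjectX500Principal().getName(), sha256Hex(x.getEncoded()));
                trustStore.setCertificateEntry("ca-" + i++, x);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    static String sha256Hex(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return String.format("%064x", new BigInteger(1, digest));
    }

    // Usage: java CustomTrustStoreExample <rootCA.crt> <https-url>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(args[0]);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // hostname verification stays enabled
        // The handshake throws SSLHandshakeException if the chain does not end at the loaded CA.
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The trust decision is scoped to this one SSLContext, so other applications on the same JDK are unaffected; to use it with RestTemplate, hand the context to the HTTP client library that backs the template.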