SunCertPathBuilderException - Server Certificate Error

Q

Why I am getting this "SunCertPathBuilderException" error for my Java application? The error message says "unable to find valid certification path to requested target".

✍: FYIcenter.com

A

If you are getting the "sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error, you Java application is not able to validate the server's certificate path to reach trusted certificate.

You need to do the following to resolve the error:

  • Get a copy of the certificate or certificate chain from the server where your application is trying to communicate.
  • If the server certificate is self-signed, add it to the Java trusted keystore file: "cacerts", assuming you trust the server.
  • If the top certificate of the server certificate chain is self-signed, add it to the Java trusted keystore file: "cacerts", assuming you trust this top certificate.
  • If the top certificate is signed by a CA (Certificate Authority), download the CA certificate from CA Web site and add it to the Java trusted keystore file: "cacerts", assuming you trust this CA certificate.
  • See "Java Trusted Certificates Location on Windows" tutorial on the "cacerts" location.

An example of the "SunCertPathBuilderException" error message is listed below:

javax.net.ssl.SSLHandshakeException:                               
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target        
   at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(...)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(...)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(...)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(...)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(...)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(...)
   at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(...)
   at com.sun.net.ssl.internal.ssl.Handshaker.process_record(...)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(...)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(...)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(...)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(...)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(...)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(...)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(...)

 

Adding Trusted Certificates for Java on Windows

Common Causes for "PKIX path building failed" Error

Using Certificates with Java VM

⇑⇑ Certificates on Java VM

2012-07-21, 7509🔥, 0💬