We are getting the below “sun.security.provider.certpath.SunCertPathBuilderException” error on a JBoss instance.
Error log:
*********************************************************************************
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
*********************************************************************************
OBSERVATION:
When Java makes an HTTPS connection to another application's service, the other party's certificate must be imported into the installed Java keystore file ($JAVA_HOME/jre/lib/security/cacerts), which is known as the truststore, for the connection to succeed.
OR
We can create a separate keystore, import the trusted certificates into it, and provide its location in the standalone.conf.bat or standalone.conf file.
SOLUTION:
METHOD 1: Import the signed or trust store certificate into the JDK ($JAVA_HOME/jre/lib/security/cacerts) file.
Command:
keytool -import -trustcacerts -alias "alias_name" -file certificate.cer -keystore cacerts
OR
keytool -import -alias server -file server.cer -keystore cacerts
METHOD 2: Create a new keystore, import the certificates into it, and provide its location and password in the application server's standalone.conf.bat or standalone.conf file.
Step 1: Command to create a new truststore (.jks) file.
Command:
keytool -import -trustcacerts -alias "alias_name" -file certificate.cer -keystore truststorecert.jks
OR
keytool -import -alias server -file server.cer -keystore truststorecert.jks
Step 2: Make configuration changes on JBoss (standalone.conf.bat).
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=D:/path/truststorecert.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=123password"
Step 3: Restart the application server to reflect the changes.
Thanks :-)