javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

By: Ramlak Viewed: 90 times  Printer Friendly Format    


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Are you getting this error? This simply means that the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. But however, being a programmer you would want to find out the alternative way to solve this issue.

What you need to do is to import the server certificate and install it in your JDK's keystore. If I am talking greek, its ok. I too just leant this. Just follow these steps and you will be able to get rid of that error.

1. First of all you copy the URL that you are connecting to and paste it in your browser. Let us say you are using IE. Just paste the url in the address bar and press enter.

2. You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.

3. Now that the server certificate is installed in your computer, your browser will not warn you when you visit the same site again. But however your JRE dumb as it is does not yet know about this certificate's existence until you add it to its keystore. Usually you will use the keytool to manage certificates. Keytool is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates. For the complete documentation of keytool,http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

4. You can list the current certificates contained within a keystore using they keytool -list command. The initial password for the cacerts keystore is changeit. For example:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

    Enter keystore password: changeit

    You will then see the something like this:

    Keystore type: jks

    Keystore provider: SUN

    Your keystore contains 11 entries:

    engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry,

    Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16

    thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9

    thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41

    verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D

    thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D

    thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D

      verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry,

      Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10

      verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,

      Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20

    verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93

    thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A

    verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8

     

5. Now you have to add the previosly installed certificate to this keystore. To add, begin by exporting your CA Root certificate as a DER-encoded binary file and save it as C:\root.cer. (you can view the installed certificates under Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) under your c: drive.

6. Then use the keytool -import command to import the file into your cacerts keystore. 

    For example:-alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer

Enter keystore password: changeit

Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown,

ST=NC, C=US, EmailAddress=you@company.com

Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown,

ST=NC, C=US, EmailAddress=you@company.com

Serial number: 79805d77eecfadb147e84f8cc2a22106

Valid from: Wed Sep 19 14:15:10 EDT 2001 until: Mon Sep 19 14:23:20 EDT 2101

Certificate fingerprints:

MD5: B6:30:03:DC:6D:73:57:9B:F4:EE:13:16:C7:68:85:09

SHA1: B5:C3:BB:CA:34:DF:54:85:2A:E9:B2:05:E0:F7:84:1E:6E:E3:E7:68

Trust this certificate? [no]: yes

Certificate was added to keystore

7. Now run keytool -list again to verify that your private root certificate was added:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

You will now see a list of all the certificates including the one you just added.

This confirms that your private root certificate has been added to the Extranet server cacerts keystore as a trusted certificate authority.



Most Viewed Articles (in Java Beans )

Latest Articles (in Java Beans)

Comment on this tutorial

Subscribe to Tutorials

Related Tutorials

Archived Comments

1. Thank you! This article helped me to solve this pr
View Tutorial          By: Stan Devyatovsky at 2008-09-12 05:20:20

2. Your post helped me to resolve the SSH exception..
View Tutorial          By: Ashwini at 2008-07-14 12:47:32

3. Great!! But when I use wscompile to create stub,I
View Tutorial          By: Baven at 2008-07-22 15:55:52

4. Hello, your post helped me a lot with solving my o
View Tutorial          By: Florian Brunner at 2008-06-26 08:59:42

5. Thanks ! I found it very useful !
View Tutorial          By: Rownak Ehsan at 2008-04-29 00:50:10

6. Thx, this helped a lot.

How can I I

View Tutorial          By: Marko at 2008-10-09 01:32:37

7. So well explained that i thought during about 5 mi
View Tutorial          By: DesperateUnluckyMan at 2008-11-06 08:11:00

8. Thankx, the information was of great use, I apprec
View Tutorial          By: sachin at 2008-12-13 03:37:11

9. Thank You So Much ^,^
I get rid of that err

View Tutorial          By: moji junk at 2009-02-24 07:48:19

10. Appriciated, The information is very useful and st
View Tutorial          By: Bala Gummadi at 2009-02-24 10:01:50

11. Thanks. Your post was clear and worked perfectly a
View Tutorial          By: Suma at 2009-03-05 09:40:08

12. This is really helpful.
View Tutorial          By: srikanth at 2009-03-11 08:04:04

13. Good ,I like here! I send gmail with j
View Tutorial          By: jackhexl at 2009-04-02 03:29:44

14. Thank you very much!!!

But I have t

View Tutorial          By: Gemis at 2009-04-14 02:37:08

15. Thanks a lot! This really helped!!!
View Tutorial          By: SuperSeppel13 at 2009-04-14 04:25:06

16. Muchas gracias por compartir informacion. :)
View Tutorial          By: Anonymous at 2009-05-21 08:48:47

17. Thanks it really works good
Continue

View Tutorial          By: vipul at 2009-07-14 02:21:18

18. Your example is clear crisp and very helpful..
View Tutorial          By: sridhar at 2009-08-06 08:41:14

19. Thanks a lot Ramlak! This is still very useful af
View Tutorial          By: Jacky at 2009-08-08 23:49:12

20. Thank you! This article helped me to solve my issu
View Tutorial          By: nithya at 2009-08-12 03:28:24

21. Thanks, it worked.
View Tutorial          By: Deepak Varier at 2009-08-19 03:38:07

22. A big thanks to Ramlak for the detailed and crisp
View Tutorial          By: Chidanand Gangur at 2009-08-27 06:02:16

23. Gracias, it worked.
View Tutorial          By: Eduardo at 2009-09-09 12:16:30

24. Nearly perfect help, but the path I had to use was
View Tutorial          By: Martin Zeltner at 2009-09-15 04:15:19

25. Thank you very much for your help!!
View Tutorial          By: Ajay Singh at 2009-10-21 22:17:21

26. Hallo.

And if the certificate is se

View Tutorial          By: Mario at 2009-11-11 08:42:46

27. Hallo.
If I have a self-signed certificate

View Tutorial          By: Mario at 2009-11-12 06:35:29

28. Hallo.
If I have a self-signed certificate

View Tutorial          By: Mario at 2009-11-12 06:35:50

29. Hallo.
If I have a self-signed certificate

View Tutorial          By: Mario at 2009-11-12 06:37:02

30. Hallo.
If I have a self-signed certificate

View Tutorial          By: Mario at 2009-11-12 06:37:08

31. Hallo.
If I have a self-signed certificate

View Tutorial          By: Mario at 2009-11-12 07:16:19

32. Just used InstallCert.java successfully so that my
View Tutorial          By: Anthony Pelosi at 2009-12-30 15:52:17

33. Hi,

as mentioned on my blog (http:/

View Tutorial          By: Jesper Udby at 2010-01-23 10:21:32

34. Great details you provided here, very straight for
View Tutorial          By: Jackie Wong at 2010-02-05 10:52:25

35. Thank you for Very good article.
View Tutorial          By: Pakornsak S at 2010-02-08 04:35:05

36. Thank you for your help !
View Tutorial          By: vadym at 2010-03-03 06:35:01

37. But I have the same error ("javax.net.ssl.SSL
View Tutorial          By: azeemuddin at 2010-03-04 07:25:33

38. This is by far the easiest way I have yet seem, ma
View Tutorial          By: doahh at 2010-03-08 11:23:48

39. Thanks. But I've also had to use $JAVA_HOME/jre/li
View Tutorial          By: Alex at 2010-03-15 04:17:09

40. Thanks a lot! simple and clear explanation! Great!
View Tutorial          By: Fabio Henrique at 2010-03-29 15:23:56

41. excellent, very clear, thx!!!
View Tutorial          By: ma at 2010-04-07 07:42:47

42. Your post was very informative... Thanks a lot. My
View Tutorial          By: Rohit Shaw at 2010-04-12 04:29:02

43. Thank you it saved me
View Tutorial          By: Sri at 2010-05-18 11:11:46

44. Thanks
Your solution helped me a lot :)

View Tutorial          By: sendhil at 2010-05-28 01:12:41

45. Your solution is really helped me. Thanks for your
View Tutorial          By: Rajakumar at 2010-05-31 06:05:53

46. Thanks
muchas gracias
Excellent

View Tutorial          By: Alfredo at 2010-05-31 09:00:36

47. Really great way of explanation..... :)
Tha

View Tutorial          By: akram at 2010-07-08 04:07:17

48. hi, Thanks to the post.
I am stuck on step

View Tutorial          By: david_david at 2010-08-21 01:10:19

49. Nice way explanation!...
Thanks..

View Tutorial          By: Fathullah at 2010-09-28 14:58:19

50. Thank you so much.. That was quite helpful and inf
View Tutorial          By: alkalaji at 2010-10-25 04:19:37

51. Excellent!!!
View Tutorial          By: Leandro at 2010-10-27 11:28:36

52. Thank you very much..
This helped me a lot

View Tutorial          By: Rabeea AS at 2010-11-15 00:28:29

53. Thank you very much. Very useful. You are the best
View Tutorial          By: lin at 2011-01-19 00:09:35

54. That did work superbly. All I needed to restart my
View Tutorial          By: kvk at 2011-01-19 10:02:57

55. Really a very important and helpful article. The m
View Tutorial          By: Sahil Akhunji at 2011-01-22 03:39:12

56. Your solution has really helped me and educated me
View Tutorial          By: Tziq at 2011-01-25 08:06:06

57. This is very useful
View Tutorial          By: Ravi at 2011-03-08 00:56:27

58. Awesome work! Ramlak, thank you for your help!
View Tutorial          By: ico at 2011-03-21 04:23:11

59. Thank you, you save my day!!
View Tutorial          By: jano at 2011-05-26 17:20:47

60. Thanks a lot lot lot for this... u saved me...
View Tutorial          By: Sourabh Idoorkar at 2011-06-10 04:25:10

61. Thanks a lot for this very fruitful and amazingly
View Tutorial          By: Gaurav Saxna at 2011-06-15 06:20:18

62. hi,
How to create certificate from https://

View Tutorial          By: CN Balu Ramesh at 2011-07-19 08:37:32

63. hi,
How to create certificate from https://

View Tutorial          By: CN Balu Ramesh at 2011-07-19 08:38:31

64. I dont want my client using my application to do a
View Tutorial          By: zaffa at 2011-07-27 06:52:09

65. Thanks, very helpful. Worked perfectly.
View Tutorial          By: Bob Knob at 2011-07-27 18:22:18

66. Dude, you made my day.
View Tutorial          By: Sebastián at 2011-08-29 14:01:10

67. @Zaffa, in this case, the server your clients are
View Tutorial          By: Manny at 2011-09-23 07:08:57

68. Thanks a lot lot lot for this, but when I run the
View Tutorial          By: Kedjimo at 2011-10-06 06:13:10

69. Simply perfect, thanks very much
View Tutorial          By: luca200 at 2011-10-13 16:06:41

70. I've managed to solve this editing WEB-INF/compone
View Tutorial          By: Luiz Felipe at 2011-10-14 14:10:13

71. Hi. When i click on Install certificate. It tells
View Tutorial          By: jaris at 2011-10-18 11:00:41

72. Thank you very much you resolved my issue.
View Tutorial          By: ketan at 2012-02-01 11:16:47

73. There is 3rd Party webservices hosted over HTTPS,
View Tutorial          By: Ankur at 2012-02-24 16:49:59

74. Unable to connect with https:\\localhost:8443 but
View Tutorial          By: gopala krishna at 2012-04-02 07:17:09

75. Great Help...
View Tutorial          By: adity at 2012-04-27 05:34:26

76. Thanks it did help to get complete clarity
View Tutorial          By: Vivek The Great at 2012-05-07 17:31:32

77. Very Helpful.
View Tutorial          By: nfahem at 2012-05-09 10:50:29

78. Nice post,you can also see how to export the certi
View Tutorial          By: Sebastian at 2012-05-18 18:27:09

79. Thanks man, really helped me a lot!
View Tutorial          By: Anderson at 2012-07-17 20:20:32

80. Don't you just love people who all assume we use w
View Tutorial          By: Alan at 2012-08-01 09:10:26

81. Thank you. This is really awesome... Helped us a l
View Tutorial          By: Shivakumar at 2012-09-12 15:23:21

82. Thanks..it really worked well...!!!!
View Tutorial          By: Neelanjana at 2012-09-14 06:07:06

83. Hi. I put the file .cert in two paths:
C:\P

View Tutorial          By: ALFREDO at 2012-09-18 16:22:16

84. This post is very helpful. I run into the same err
View Tutorial          By: Denis Wang at 2012-09-18 19:38:04

85. What about for an iPad and iPhone!
View Tutorial          By: Kamalakannan at 2012-09-21 06:10:39

86. Thanks very much, this helped alot.
View Tutorial          By: Steve at 2012-10-09 21:09:16

87. Awesome and straight forward
View Tutorial          By: Nag at 2012-11-07 23:47:10

88. Thanks very much....its very simple explained.....
View Tutorial          By: nizam at 2012-12-17 09:43:11

89. You have simply saved my life. After 2 days dealin
View Tutorial          By: Mário Buratto at 2013-01-11 19:54:36

90. works too with deepnet security platform as to imp
View Tutorial          By: biloute at 2013-05-29 11:04:51

91. Thank you very much. This is the easiest and also
View Tutorial          By: Mehmet Üsküp at 2013-06-17 21:08:08

92. Thanks..it really worked well...!!!!
View Tutorial          By: Free Picks Report at 2013-07-01 22:51:11

93. BIG Thanks for such wonderful tutorial :) :) :)
View Tutorial          By: dhruva at 2013-07-10 08:56:27

94. give me the code
View Tutorial          By: roger at 2013-10-10 19:44:07

95. Thanks, it solved my problem with "sun.securi
View Tutorial          By: haasdg at 2013-10-29 14:12:51

96. Hey thnx. Solved my "inconvinience" ;P
View Tutorial          By: Hesam Ossanloo at 2013-12-19 15:13:31

97. Hi,i'm added the certificate to java keystore,But
View Tutorial          By: chakri at 2014-09-18 07:22:41

98. Well written article! Thank You ! My maven build i
View Tutorial          By: Nagesh at 2014-11-20 07:44:00

99. Thanks for this tuto , simple and very useful :)
View Tutorial          By: Firas at 2014-11-24 16:49:07

100. Very nice.
Thanks

View Tutorial          By: Kaviya at 2015-02-23 13:48:15

101. hi,

i'm a jmeter user.in my test i

View Tutorial          By: mahesh at 2015-03-06 16:58:05

102. Thanks!
View Tutorial          By: misterTi at 2015-03-18 17:48:41

103. Thanks but still facing same error of certificate
View Tutorial          By: Aditi at 2015-03-23 06:18:26

104. hi i unable to retrive am getting below excepti
View Tutorial          By: vignesh at 2015-03-25 16:57:45

105. hi i unable to retrive am getting below excepti
View Tutorial          By: vignesh at 2015-03-25 17:14:58

106. Thank you... Helpful :)
View Tutorial          By: Soopy at 2015-03-31 06:24:57

107. very useful. Thx
View Tutorial          By: reddy at 2015-05-07 09:58:19

108. Amazing tutorial!! This is what I was exactly look
View Tutorial          By: Sumanth Vaidya at 2015-06-17 18:19:16

109. hey what If I'm connecting to a server(XMPP in my
View Tutorial          By: garima at 2015-08-10 13:23:40

110. This is a great idea if I am targeting the require
View Tutorial          By: Shanthamurthy Hanumantharayappa at 2015-09-14 16:45:22

111. Very useful. Thank you
View Tutorial          By: kiran at 2015-11-25 12:33:00

112. thank you
View Tutorial          By: ghl at 2016-05-09 07:32:44

113. 2016 and still useful
Thank you

View Tutorial          By: Amoul at 2016-05-09 08:44:02

114. Thank you! I resolved the issue as you explained.
View Tutorial          By: duy at 2016-09-27 16:50:32