javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
By: Ramlak Printer Friendly Format
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Are you getting this error? This simply means that the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. But however, being a programmer you would want to find out the alternative way to solve this issue.
What you need to do is to import the server certificate and install it in your JDK's keystore. If I am talking greek, its ok. I too just leant this. Just follow these steps and you will be able to get rid of that error.
1. First of all you copy the URL that you are connecting to and paste it in your browser. Let us say you are using IE. Just paste the url in the address bar and press enter.
2. You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.
3. Now that the server certificate is installed in your computer, your browser will not warn you when you visit the same site again. But however your JRE dumb as it is does not yet know about this certificate's existence until you add it to its keystore. Usually you will use the keytool to manage certificates. Keytool is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates. For the complete documentation of keytool,http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
4. You can list the current certificates contained within a keystore using they keytool -list command. The initial password for the cacerts keystore is changeit. For example:
C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts
Enter keystore password: changeit
You will then see the something like this:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 11 entries:
engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry,
Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16
thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
5. Now you have to add the previosly installed certificate to this keystore. To add, begin by exporting your CA Root certificate as a DER-encoded binary file and save it as C:\root.cer. (you can view the installed certificates under Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) under your c: drive.
6. Then use the keytool -import command to import the file into your cacerts keystore.
For example:-alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer
Enter keystore password: changeit
Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown,
ST=NC, C=US, [email protected]
Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown,
ST=NC, C=US, [email protected]
Serial number: 79805d77eecfadb147e84f8cc2a22106
Valid from: Wed Sep 19 14:15:10 EDT 2001 until: Mon Sep 19 14:23:20 EDT 2101
Certificate fingerprints:
MD5: B6:30:03:DC:6D:73:57:9B:F4:EE:13:16:C7:68:85:09
SHA1: B5:C3:BB:CA:34:DF:54:85:2A:E9:B2:05:E0:F7:84:1E:6E:E3:E7:68
Trust this certificate? [no]: yes
Certificate was added to keystore
7. Now run keytool -list again to verify that your private root certificate was added:
C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts
You will now see a list of all the certificates including the one you just added.
This confirms that your private root certificate has been added to the Extranet server cacerts keystore as a trusted certificate authority.
Comment on this tutorial
- Data Science
- Android
- AJAX
- ASP.net
- C
- C++
- C#
- Cocoa
- Cloud Computing
- HTML5
- Java
- Javascript
- JSF
- JSP
- J2ME
- Java Beans
- EJB
- JDBC
- Linux
- Mac OS X
- iPhone
- MySQL
- Office 365
- Perl
- PHP
- Python
- Ruby
- VB.net
- Hibernate
- Struts
- SAP
- Trends
- Tech Reviews
- WebServices
- XML
- Certification
- Interview
categories
Subscribe to Tutorials
Related Tutorials
Creating a JavaBean to Connect with Google API
Spring Vs EJB ( A feature comparison)
What is EJB server and what are EJB Components?
Java Beans and the Expression Language
A sample that shows Java Beans, Servlets and JSP working together
Design Patterns for Properties in a Java Bean
Steps to develop EJB Environment
Archived Comments
1. Thank you! This article helped me to solve this pr
View Tutorial By: Stan Devyatovsky at 2008-09-12 05:20:20
2. Your post helped me to resolve the SSH exception..
View Tutorial By: Ashwini at 2008-07-14 12:47:32
3. Great!! But when I use wscompile to create stub,I
View Tutorial By: Baven at 2008-07-22 15:55:52
4. Hello, your post helped me a lot with solving my o
View Tutorial By: Florian Brunner at 2008-06-26 08:59:42
5. Thanks ! I found it very useful !
View Tutorial By: Rownak Ehsan at 2008-04-29 00:50:10
6. Thx, this helped a lot.
How can I I
View Tutorial By: Marko at 2008-10-09 01:32:37
7. So well explained that i thought during about 5 mi
View Tutorial By: DesperateUnluckyMan at 2008-11-06 08:11:00
8. Thankx, the information was of great use, I apprec
View Tutorial By: sachin at 2008-12-13 03:37:11
9. Thank You So Much ^,^
I get rid of that err
View Tutorial By: moji junk at 2009-02-24 07:48:19
10. Appriciated, The information is very useful and st
View Tutorial By: Bala Gummadi at 2009-02-24 10:01:50
11. Thanks. Your post was clear and worked perfectly a
View Tutorial By: Suma at 2009-03-05 09:40:08
12. This is really helpful.
View Tutorial By: srikanth at 2009-03-11 08:04:04
13. Good ,I like here! I send gmail with j
View Tutorial By: jackhexl at 2009-04-02 03:29:44
14. Thank you very much!!!
But I have t
View Tutorial By: Gemis at 2009-04-14 02:37:08
15. Thanks a lot! This really helped!!!
View Tutorial By: SuperSeppel13 at 2009-04-14 04:25:06
16. Muchas gracias por compartir informacion. :)
View Tutorial By: Anonymous at 2009-05-21 08:48:47
17. Thanks it really works good
Continue
View Tutorial By: vipul at 2009-07-14 02:21:18
18. Your example is clear crisp and very helpful..
View Tutorial By: sridhar at 2009-08-06 08:41:14
19. Thanks a lot Ramlak! This is still very useful af
View Tutorial By: Jacky at 2009-08-08 23:49:12
20. Thank you! This article helped me to solve my issu
View Tutorial By: nithya at 2009-08-12 03:28:24
21. Thanks, it worked.
View Tutorial By: Deepak Varier at 2009-08-19 03:38:07
22. A big thanks to Ramlak for the detailed and crisp
View Tutorial By: Chidanand Gangur at 2009-08-27 06:02:16
23. Gracias, it worked.
View Tutorial By: Eduardo at 2009-09-09 12:16:30
24. Nearly perfect help, but the path I had to use was
View Tutorial By: Martin Zeltner at 2009-09-15 04:15:19
25. Thank you very much for your help!!
View Tutorial By: Ajay Singh at 2009-10-21 22:17:21
26. Hallo.
And if the certificate is se
View Tutorial By: Mario at 2009-11-11 08:42:46
27. Hallo.
If I have a self-signed certificate
View Tutorial By: Mario at 2009-11-12 06:35:29
28. Hallo.
If I have a self-signed certificate
View Tutorial By: Mario at 2009-11-12 06:35:50
29. Hallo.
If I have a self-signed certificate
View Tutorial By: Mario at 2009-11-12 06:37:02
30. Hallo.
If I have a self-signed certificate
View Tutorial By: Mario at 2009-11-12 06:37:08
31. Hallo.
If I have a self-signed certificate
View Tutorial By: Mario at 2009-11-12 07:16:19
32. Just used InstallCert.java successfully so that my
View Tutorial By: Anthony Pelosi at 2009-12-30 15:52:17
33. Hi,
as mentioned on my blog (http:/
View Tutorial By: Jesper Udby at 2010-01-23 10:21:32
34. Great details you provided here, very straight for
View Tutorial By: Jackie Wong at 2010-02-05 10:52:25
35. Thank you for Very good article.
View Tutorial By: Pakornsak S at 2010-02-08 04:35:05
36. Thank you for your help !
View Tutorial By: vadym at 2010-03-03 06:35:01
37. But I have the same error ("javax.net.ssl.SSL
View Tutorial By: azeemuddin at 2010-03-04 07:25:33
38. This is by far the easiest way I have yet seem, ma
View Tutorial By: doahh at 2010-03-08 11:23:48
39. Thanks. But I've also had to use $JAVA_HOME/jre/li
View Tutorial By: Alex at 2010-03-15 04:17:09
40. Thanks a lot! simple and clear explanation! Great!
View Tutorial By: Fabio Henrique at 2010-03-29 15:23:56
41. excellent, very clear, thx!!!
View Tutorial By: ma at 2010-04-07 07:42:47
42. Your post was very informative... Thanks a lot. My
View Tutorial By: Rohit Shaw at 2010-04-12 04:29:02
43. Thank you it saved me
View Tutorial By: Sri at 2010-05-18 11:11:46
44. Thanks
Your solution helped me a lot :)
View Tutorial By: sendhil at 2010-05-28 01:12:41
45. Your solution is really helped me. Thanks for your
View Tutorial By: Rajakumar at 2010-05-31 06:05:53
46. Thanks
muchas gracias
Excellent
View Tutorial By: Alfredo at 2010-05-31 09:00:36
47. Really great way of explanation..... :)
Tha
View Tutorial By: akram at 2010-07-08 04:07:17
48. hi, Thanks to the post.
I am stuck on step
View Tutorial By: david_david at 2010-08-21 01:10:19
49. Nice way explanation!...
Thanks..
View Tutorial By: Fathullah at 2010-09-28 14:58:19
50. Thank you so much.. That was quite helpful and inf
View Tutorial By: alkalaji at 2010-10-25 04:19:37
51. Excellent!!!
View Tutorial By: Leandro at 2010-10-27 11:28:36
52. Thank you very much..
This helped me a lot
View Tutorial By: Rabeea AS at 2010-11-15 00:28:29
53. Thank you very much. Very useful. You are the best
View Tutorial By: lin at 2011-01-19 00:09:35
54. That did work superbly. All I needed to restart my
View Tutorial By: kvk at 2011-01-19 10:02:57
55. Really a very important and helpful article. The m
View Tutorial By: Sahil Akhunji at 2011-01-22 03:39:12
56. Your solution has really helped me and educated me
View Tutorial By: Tziq at 2011-01-25 08:06:06
57. This is very useful
View Tutorial By: Ravi at 2011-03-08 00:56:27
58. Awesome work! Ramlak, thank you for your help!
View Tutorial By: ico at 2011-03-21 04:23:11
59. Thank you, you save my day!!
View Tutorial By: jano at 2011-05-26 17:20:47
60. Thanks a lot lot lot for this... u saved me...
View Tutorial By: Sourabh Idoorkar at 2011-06-10 04:25:10
61. Thanks a lot for this very fruitful and amazingly
View Tutorial By: Gaurav Saxna at 2011-06-15 06:20:18
62. hi,
How to create certificate from https://
View Tutorial By: CN Balu Ramesh at 2011-07-19 08:37:32
63. hi,
How to create certificate from https://
View Tutorial By: CN Balu Ramesh at 2011-07-19 08:38:31
64. I dont want my client using my application to do a
View Tutorial By: zaffa at 2011-07-27 06:52:09
65. Thanks, very helpful. Worked perfectly.
View Tutorial By: Bob Knob at 2011-07-27 18:22:18
66. Dude, you made my day.
View Tutorial By: Sebastián at 2011-08-29 14:01:10
67. @Zaffa, in this case, the server your clients are
View Tutorial By: Manny at 2011-09-23 07:08:57
68. Thanks a lot lot lot for this, but when I run the
View Tutorial By: Kedjimo at 2011-10-06 06:13:10
69. Simply perfect, thanks very much
View Tutorial By: luca200 at 2011-10-13 16:06:41
70. I've managed to solve this editing WEB-INF/compone
View Tutorial By: Luiz Felipe at 2011-10-14 14:10:13
71. Hi. When i click on Install certificate. It tells
View Tutorial By: jaris at 2011-10-18 11:00:41
72. Thank you very much you resolved my issue.
View Tutorial By: ketan at 2012-02-01 11:16:47
73. There is 3rd Party webservices hosted over HTTPS,
View Tutorial By: Ankur at 2012-02-24 16:49:59
74. Unable to connect with https:\\localhost:8443 but
View Tutorial By: gopala krishna at 2012-04-02 07:17:09
75. Great Help...
View Tutorial By: adity at 2012-04-27 05:34:26
76. Thanks it did help to get complete clarity
View Tutorial By: Vivek The Great at 2012-05-07 17:31:32
77. Very Helpful.
View Tutorial By: nfahem at 2012-05-09 10:50:29
78. Nice post,you can also see how to export the certi
View Tutorial By: Sebastian at 2012-05-18 18:27:09
79. Thanks man, really helped me a lot!
View Tutorial By: Anderson at 2012-07-17 20:20:32
80. Don't you just love people who all assume we use w
View Tutorial By: Alan at 2012-08-01 09:10:26
81. Thank you. This is really awesome... Helped us a l
View Tutorial By: Shivakumar at 2012-09-12 15:23:21
82. Thanks..it really worked well...!!!!
View Tutorial By: Neelanjana at 2012-09-14 06:07:06
83. Hi. I put the file .cert in two paths:
C:\P
View Tutorial By: ALFREDO at 2012-09-18 16:22:16
84. This post is very helpful. I run into the same err
View Tutorial By: Denis Wang at 2012-09-18 19:38:04
85. What about for an iPad and iPhone!
View Tutorial By: Kamalakannan at 2012-09-21 06:10:39
86. Thanks very much, this helped alot.
View Tutorial By: Steve at 2012-10-09 21:09:16
87. Awesome and straight forward
View Tutorial By: Nag at 2012-11-07 23:47:10
88. Thanks very much....its very simple explained.....
View Tutorial By: nizam at 2012-12-17 09:43:11
89. You have simply saved my life. After 2 days dealin
View Tutorial By: Mário Buratto at 2013-01-11 19:54:36
90. works too with deepnet security platform as to imp
View Tutorial By: biloute at 2013-05-29 11:04:51
91. Thank you very much. This is the easiest and also
View Tutorial By: Mehmet Üsküp at 2013-06-17 21:08:08
92. Thanks..it really worked well...!!!!
View Tutorial By: Free Picks Report at 2013-07-01 22:51:11
93. BIG Thanks for such wonderful tutorial :) :) :)
View Tutorial By: dhruva at 2013-07-10 08:56:27
94. give me the code
View Tutorial By: roger at 2013-10-10 19:44:07
95. Thanks, it solved my problem with "sun.securi
View Tutorial By: haasdg at 2013-10-29 14:12:51
96. Hey thnx. Solved my "inconvinience" ;P
View Tutorial By: Hesam Ossanloo at 2013-12-19 15:13:31
97. Hi,i'm added the certificate to java keystore,But
View Tutorial By: chakri at 2014-09-18 07:22:41
98. Well written article! Thank You ! My maven build i
View Tutorial By: Nagesh at 2014-11-20 07:44:00
99. Thanks for this tuto , simple and very useful :)
View Tutorial By: Firas at 2014-11-24 16:49:07
100. Very nice.
Thanks
View Tutorial By: Kaviya at 2015-02-23 13:48:15
101. hi,
i'm a jmeter user.in my test i
View Tutorial By: mahesh at 2015-03-06 16:58:05
102. Thanks!
View Tutorial By: misterTi at 2015-03-18 17:48:41
103. Thanks but still facing same error of certificate
View Tutorial By: Aditi at 2015-03-23 06:18:26
104. hi i unable to retrive am getting below excepti
View Tutorial By: vignesh at 2015-03-25 16:57:45
105. hi i unable to retrive am getting below excepti
View Tutorial By: vignesh at 2015-03-25 17:14:58
106. Thank you... Helpful :)
View Tutorial By: Soopy at 2015-03-31 06:24:57
107. very useful. Thx
View Tutorial By: reddy at 2015-05-07 09:58:19
108. Amazing tutorial!! This is what I was exactly look
View Tutorial By: Sumanth Vaidya at 2015-06-17 18:19:16
109. hey what If I'm connecting to a server(XMPP in my
View Tutorial By: garima at 2015-08-10 13:23:40
110. This is a great idea if I am targeting the require
View Tutorial By: Shanthamurthy Hanumantharayappa at 2015-09-14 16:45:22
111. Very useful. Thank you
View Tutorial By: kiran at 2015-11-25 12:33:00
112. thank you
View Tutorial By: ghl at 2016-05-09 07:32:44
113. 2016 and still useful
Thank you
View Tutorial By: Amoul at 2016-05-09 08:44:02
114. Thank you! I resolved the issue as you explained.
View Tutorial By: duy at 2016-09-27 16:50:32