javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
By: Ramlak
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Are you getting this error? This simply means that the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. But however, being a programmer you would want to find out the alternative way to solve this issue.
What you need to do is to import the server certificate and install it in your JDK's keystore. If I am talking greek, its ok. I too just leant this. Just follow these steps and you will be able to get rid of that error.
1. First of all you copy the URL that you are connecting to and paste it in your browser. Let us say you are using IE. Just paste the url in the address bar and press enter.
2. You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.
3. Now that the server certificate is installed in your computer, your browser will not warn you when you visit the same site again. But however your JRE dumb as it is does not yet know about this certificate's existence until you add it to its keystore. Usually you will use the keytool to manage certificates. Keytool is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates. For the complete documentation of keytool,http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
4. You can list the current certificates contained within a keystore using they keytool -list command. The initial password for the cacerts keystore is changeit. For example:
C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts
Enter keystore password: changeit
You will then see the something like this:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 11 entries:
engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry,
Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16
thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
5. Now you have to add the previosly installed certificate to this keystore. To add, begin by exporting your CA Root certificate as a DER-encoded binary file and save it as C:\root.cer. (you can view the installed certificates under Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) under your c: drive.
6. Then use the keytool -import command to import the file into your cacerts keystore.
For example:-alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer
Enter keystore password: changeit
Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown,
ST=NC, C=US, [email protected]
Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown,
ST=NC, C=US, [email protected]
Serial number: 79805d77eecfadb147e84f8cc2a22106
Valid from: Wed Sep 19 14:15:10 EDT 2001 until: Mon Sep 19 14:23:20 EDT 2101
Certificate fingerprints:
MD5: B6:30:03:DC:6D:73:57:9B:F4:EE:13:16:C7:68:85:09
SHA1: B5:C3:BB:CA:34:DF:54:85:2A:E9:B2:05:E0:F7:84:1E:6E:E3:E7:68
Trust this certificate? [no]: yes
Certificate was added to keystore
7. Now run keytool -list again to verify that your private root certificate was added:
C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts
You will now see a list of all the certificates including the one you just added.
This confirms that your private root certificate has been added to the Extranet server cacerts keystore as a trusted certificate authority.
Archived Comments
1. Thank you! I resolved the issue as you explained.
View Tutorial By: duy at 2016-09-27 16:50:32
2. 2016 and still useful
Thank you
View Tutorial By: Amoul at 2016-05-09 08:44:02
3. thank you
View Tutorial By: ghl at 2016-05-09 07:32:44
4. Very useful. Thank you
View Tutorial By: kiran at 2015-11-25 12:33:00
5. This is a great idea if I am targeting the required url using Browser interface. I need some assista
View Tutorial By: Shanthamurthy Hanumantharayappa at 2015-09-14 16:45:22
6. hey what If I'm connecting to a server(XMPP in my case). How shall I get the certificate??
View Tutorial By: garima at 2015-08-10 13:23:40
7. Amazing tutorial!! This is what I was exactly looking for!. Thanks alot. It works perfectly.!
View Tutorial By: Sumanth Vaidya at 2015-06-17 18:19:16
8. very useful. Thx
View Tutorial By: reddy at 2015-05-07 09:58:19
9. Thank you... Helpful :)
View Tutorial By: Soopy at 2015-03-31 06:24:57
10. hi i unable to retrive am getting below exception while sending email from my server.
View Tutorial By: vignesh at 2015-03-25 17:14:58
11. hi i unable to retrive am getting below exception while sending email from my server.
View Tutorial By: vignesh at 2015-03-25 16:57:45
12. Thanks but still facing same error of certificate i.e.
javax.net.ssl.SSLHandshakeException:
View Tutorial By: Aditi at 2015-03-23 06:18:26
13. Thanks!
View Tutorial By: misterTi at 2015-03-18 17:48:41
14. hi,
i'm a jmeter user.in my test i tried to send a mail .it throwing the same pkix er
View Tutorial By: mahesh at 2015-03-06 16:58:05
15. Very nice.
Thanks
View Tutorial By: Kaviya at 2015-02-23 13:48:15
16. Thanks for this tuto , simple and very useful :)
View Tutorial By: Firas at 2014-11-24 16:49:07
17. Well written article! Thank You ! My maven build issue got solved after following your article!
View Tutorial By: Nagesh at 2014-11-20 07:44:00
18. Hi,i'm added the certificate to java keystore,But still i'm getting below exception stack.This probl
View Tutorial By: chakri at 2014-09-18 07:22:41
19. Hey thnx. Solved my "inconvinience" ;P
View Tutorial By: Hesam Ossanloo at 2013-12-19 15:13:31
20. Thanks, it solved my problem with "sun.security.validator.ValidatorException: PKIX path buildin
View Tutorial By: haasdg at 2013-10-29 14:12:51
21. give me the code
View Tutorial By: roger at 2013-10-10 19:44:07
22. BIG Thanks for such wonderful tutorial :) :) :)
View Tutorial By: dhruva at 2013-07-10 08:56:27
23. Thanks..it really worked well...!!!!
View Tutorial By: Free Picks Report at 2013-07-01 22:51:11
24. Thank you very much. This is the easiest and also the best way.
View Tutorial By: Mehmet Üsküp at 2013-06-17 21:08:08
25. works too with deepnet security platform as to import ssl CA certificates from local PKI
View Tutorial By: biloute at 2013-05-29 11:04:51
26. You have simply saved my life. After 2 days dealing with this problem this tutorial was the only one
View Tutorial By: Mário Buratto at 2013-01-11 19:54:36
27. Thanks very much....its very simple explained.....thanks a lot.....
View Tutorial By: nizam at 2012-12-17 09:43:11
28. Awesome and straight forward
View Tutorial By: Nag at 2012-11-07 23:47:10
29. Thanks very much, this helped alot.
View Tutorial By: Steve at 2012-10-09 21:09:16
30. What about for an iPad and iPhone!
View Tutorial By: Kamalakannan at 2012-09-21 06:10:39
31. This post is very helpful. I run into the same errors others posted in the comments and the followin
View Tutorial By: Denis Wang at 2012-09-18 19:38:04
32. Hi. I put the file .cert in two paths:
C:\Progra~2\Java\jre6\lib\security\cacerts
View Tutorial By: ALFREDO at 2012-09-18 16:22:16
33. Thanks..it really worked well...!!!!
View Tutorial By: Neelanjana at 2012-09-14 06:07:06
34. Thank you. This is really awesome... Helped us a lot
View Tutorial By: Shivakumar at 2012-09-12 15:23:21
35. Don't you just love people who all assume we use windows......
C: drive... whats that
View Tutorial By: Alan at 2012-08-01 09:10:26
36. Thanks man, really helped me a lot!
View Tutorial By: Anderson at 2012-07-17 20:20:32
37. Nice post,you can also see how to export the certificates using a firefox here - http://atgtipsandtw
View Tutorial By: Sebastian at 2012-05-18 18:27:09
38. Very Helpful.
View Tutorial By: nfahem at 2012-05-09 10:50:29
39. Thanks it did help to get complete clarity
View Tutorial By: Vivek The Great at 2012-05-07 17:31:32
40. Great Help...
View Tutorial By: adity at 2012-04-27 05:34:26
41. Unable to connect with https:\\localhost:8443 but i can with 8080
My Enviroment is :
J
View Tutorial By: gopala krishna at 2012-04-02 07:17:09
42. There is 3rd Party webservices hosted over HTTPS, while consuming webservice i am facing SSL handsha
View Tutorial By: Ankur at 2012-02-24 16:49:59
43. Thank you very much you resolved my issue.
View Tutorial By: ketan at 2012-02-01 11:16:47
44. Hi. When i click on Install certificate. It tells "The Import was successfull". And when i
View Tutorial By: jaris at 2011-10-18 11:00:41
45. I've managed to solve this editing WEB-INF/components.xml on the <mail> tag. I've added: tls=&
View Tutorial By: Luiz Felipe at 2011-10-14 14:10:13
46. Simply perfect, thanks very much
View Tutorial By: luca200 at 2011-10-13 16:06:41
47. Thanks a lot lot lot for this, but when I run the application from the IDE e doesn't dive any except
View Tutorial By: Kedjimo at 2011-10-06 06:13:10
48. @Zaffa, in this case, the server your clients are connecting to is your server and you dont have a v
View Tutorial By: Manny at 2011-09-23 07:08:57
49. Dude, you made my day.
View Tutorial By: Sebastián at 2011-08-29 14:01:10
50. Thanks, very helpful. Worked perfectly.
View Tutorial By: Bob Knob at 2011-07-27 18:22:18
51. I dont want my client using my application to do all the steps you mentioned. Is there any other way
View Tutorial By: zaffa at 2011-07-27 06:52:09
52. hi,
How to create certificate from https://.... url which does not provide the certificate
View Tutorial By: CN Balu Ramesh at 2011-07-19 08:38:31
53. hi,
How to create certificate from https://.... url which does not provide the certificate
View Tutorial By: CN Balu Ramesh at 2011-07-19 08:37:32
54. Thanks a lot for this very fruitful and amazingly fast
View Tutorial By: Gaurav Saxna at 2011-06-15 06:20:18
55. Thanks a lot lot lot for this... u saved me...
View Tutorial By: Sourabh Idoorkar at 2011-06-10 04:25:10
56. Thank you, you save my day!!
View Tutorial By: jano at 2011-05-26 17:20:47
57. Awesome work! Ramlak, thank you for your help!
View Tutorial By: ico at 2011-03-21 04:23:11
58. This is very useful
View Tutorial By: Ravi at 2011-03-08 00:56:27
59. Your solution has really helped me and educated me. Thanks for the tips. :-)
View Tutorial By: Tziq at 2011-01-25 08:06:06
60. Really a very important and helpful article. The method of describing the things is just awesome....
View Tutorial By: Sahil Akhunji at 2011-01-22 03:39:12
61. That did work superbly. All I needed to restart my server to make it work. Thanks much
View Tutorial By: kvk at 2011-01-19 10:02:57
62. Thank you very much. Very useful. You are the best....
View Tutorial By: lin at 2011-01-19 00:09:35
63. Thank you very much..
This helped me a lot.
View Tutorial By: Rabeea AS at 2010-11-15 00:28:29
64. Excellent!!!
View Tutorial By: Leandro at 2010-10-27 11:28:36
65. Thank you so much.. That was quite helpful and informative!!
View Tutorial By: alkalaji at 2010-10-25 04:19:37
66. Nice way explanation!...
Thanks..
View Tutorial By: Fathullah at 2010-09-28 14:58:19
67. hi, Thanks to the post.
I am stuck on step 2. the warning dialog is not getting when try the
View Tutorial By: david_david at 2010-08-21 01:10:19
68. Really great way of explanation..... :)
Thanks.....
View Tutorial By: akram at 2010-07-08 04:07:17
69. Thanks
muchas gracias
Excellent
View Tutorial By: Alfredo at 2010-05-31 09:00:36
70. Your solution is really helped me. Thanks for your information.
View Tutorial By: Rajakumar at 2010-05-31 06:05:53
71. Thanks
Your solution helped me a lot :)
View Tutorial By: sendhil at 2010-05-28 01:12:41
72. Thank you it saved me
View Tutorial By: Sri at 2010-05-18 11:11:46
73. Your post was very informative... Thanks a lot. My problem finally got solved
View Tutorial By: Rohit Shaw at 2010-04-12 04:29:02
74. excellent, very clear, thx!!!
View Tutorial By: ma at 2010-04-07 07:42:47
75. Thanks a lot! simple and clear explanation! Great!
View Tutorial By: Fabio Henrique at 2010-03-29 15:23:56
76. Thanks. But I've also had to use $JAVA_HOME/jre/lib/security/cacerts
Thanks Martin Zeltner!
View Tutorial By: Alex at 2010-03-15 04:17:09
77. This is by far the easiest way I have yet seem, many thanks. I was continually messing around trying
View Tutorial By: doahh at 2010-03-08 11:23:48
78. But I have the same error ("javax.net.ssl.SSLHandshakeException: sun.security.validator.Validat
View Tutorial By: azeemuddin at 2010-03-04 07:25:33
79. Thank you for your help !
View Tutorial By: vadym at 2010-03-03 06:35:01
80. Thank you for Very good article.
View Tutorial By: Pakornsak S at 2010-02-08 04:35:05
81. Great details you provided here, very straight forward to follow. Cheers.
View Tutorial By: Jackie Wong at 2010-02-05 10:52:25
82. Hi,
as mentioned on my blog (http://blog.udby.com/archives/8), one can also create a
View Tutorial By: Jesper Udby at 2010-01-23 10:21:32
83. Just used InstallCert.java successfully so that my build server's Hudson could connect to Jira using
View Tutorial By: Anthony Pelosi at 2009-12-30 15:52:17
84. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc
View Tutorial By: Mario at 2009-11-12 07:16:19
85. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc
View Tutorial By: Mario at 2009-11-12 06:37:08
86. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc
View Tutorial By: Mario at 2009-11-12 06:37:02
87. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc
View Tutorial By: Mario at 2009-11-12 06:35:50
88. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc
View Tutorial By: Mario at 2009-11-12 06:35:29
89. Hallo.
And if the certificate is self-signed so I haven't a CA root?
H
View Tutorial By: Mario at 2009-11-11 08:42:46
90. Thank you very much for your help!!
View Tutorial By: Ajay Singh at 2009-10-21 22:17:21
91. Nearly perfect help, but the path I had to use was $JAVA_HOME/jre/lib/security/cacerts instead of $J
View Tutorial By: Martin Zeltner at 2009-09-15 04:15:19
92. Gracias, it worked.
View Tutorial By: Eduardo at 2009-09-09 12:16:30
93. A big thanks to Ramlak for the detailed and crisp solution.
View Tutorial By: Chidanand Gangur at 2009-08-27 06:02:16
94. Thanks, it worked.
View Tutorial By: Deepak Varier at 2009-08-19 03:38:07
95. Thank you! This article helped me to solve my issuse. your example is clear and great.
View Tutorial By: nithya at 2009-08-12 03:28:24
96. Thanks a lot Ramlak! This is still very useful after 2 years of original posting today on 9 Aug 200
View Tutorial By: Jacky at 2009-08-08 23:49:12
97. Your example is clear crisp and very helpful..
View Tutorial By: sridhar at 2009-08-06 08:41:14
98. Thanks it really works good
Continue
View Tutorial By: vipul at 2009-07-14 02:21:18
99. Muchas gracias por compartir informacion. :)
View Tutorial By: Anonymous at 2009-05-21 08:48:47
100. Thanks a lot! This really helped!!!
View Tutorial By: SuperSeppel13 at 2009-04-14 04:25:06
101. Thank you very much!!!
But I have the same error ("javax.net.ssl.SSLHandshakeExc
View Tutorial By: Gemis at 2009-04-14 02:37:08
102. Good ,I like here! I send gmail with javamail ,hava this exception ,it\'s very bad!
View Tutorial By: jackhexl at 2009-04-02 03:29:44
103. This is really helpful.
View Tutorial By: srikanth at 2009-03-11 08:04:04
104. Thanks. Your post was clear and worked perfectly as I stumbled across this problem today.
View Tutorial By: Suma at 2009-03-05 09:40:08
105. Appriciated, The information is very useful and straight forward even for new developer.
View Tutorial By: Bala Gummadi at 2009-02-24 10:01:50
106. Thank You So Much ^,^
I get rid of that error
View Tutorial By: moji junk at 2009-02-24 07:48:19
107. Thankx, the information was of great use, I appreciate the way things are explained
View Tutorial By: sachin at 2008-12-13 03:37:11
108. So well explained that i thought during about 5 minutes that it would resolve the problem that makes
View Tutorial By: DesperateUnluckyMan at 2008-11-06 08:11:00
109. Thx, this helped a lot.
How can I Import all the certificates from a old Java version
View Tutorial By: Marko at 2008-10-09 01:32:37
110. Thank you! This article helped me to solve this problem which I had no idea what to do with.
View Tutorial By: Stan Devyatovsky at 2008-09-12 05:20:20
111. Great!! But when I use wscompile to create stub,I get the following error :
javax.net
View Tutorial By: Baven at 2008-07-22 15:55:52
112. Your post helped me to resolve the SSH exception..Thank you
View Tutorial By: Ashwini at 2008-07-14 12:47:32
113. Hello, your post helped me a lot with solving my own problem. But I still have some open questions,
View Tutorial By: Florian Brunner at 2008-06-26 08:59:42
114. Thanks ! I found it very useful !
View Tutorial By: Rownak Ehsan at 2008-04-29 00:50:10
Comment on this tutorial
- Data Science
- Android
- AJAX
- ASP.net
- C
- C++
- C#
- Cocoa
- Cloud Computing
- HTML5
- Java
- Javascript
- JSF
- JSP
- J2ME
- Java Beans
- EJB
- JDBC
- Linux
- Mac OS X
- iPhone
- MySQL
- Office 365
- Perl
- PHP
- Python
- Ruby
- VB.net
- Hibernate
- Struts
- SAP
- Trends
- Tech Reviews
- WebServices
- XML
- Certification
- Interview
categories
Related Tutorials
Creating a JavaBean to Connect with Google API
Spring Vs EJB ( A feature comparison)
What is EJB server and what are EJB Components?
Java Beans and the Expression Language
A sample that shows Java Beans, Servlets and JSP working together
Design Patterns for Properties in a Java Bean
Steps to develop EJB Environment