PKIX path building failed: unable to find valid certification path to requested target

By: Ramlak PKIX path building failed: unable to find valid certification path to requested target

Are you getting this error? This simply means that the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. But however, being a programmer you would want to find out the alternative way to solve this issue.

What you need to do is to import the server certificate and install it in your JDK's keystore. If I am talking greek, its ok. I too just leant this. Just follow these steps and you will be able to get rid of that error.

1. First of all you copy the URL that you are connecting to and paste it in your browser. Let us say you are using IE. Just paste the url in the address bar and press enter.

2. You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.

3. Now that the server certificate is installed in your computer, your browser will not warn you when you visit the same site again. But however your JRE dumb as it is does not yet know about this certificate's existence until you add it to its keystore. Usually you will use the keytool to manage certificates. Keytool is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates. For the complete documentation of keytool,

4. You can list the current certificates contained within a keystore using they keytool -list command. The initial password for the cacerts keystore is changeit. For example:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

    Enter keystore password: changeit

    You will then see the something like this:

    Keystore type: jks

    Keystore provider: SUN

    Your keystore contains 11 entries:

    engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry,

    Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16

    thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9

    thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41

    verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D

    thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D

    thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D

      verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry,

      Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10

      verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,

      Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20

    verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93

    thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A

    verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8


5. Now you have to add the previosly installed certificate to this keystore. To add, begin by exporting your CA Root certificate as a DER-encoded binary file and save it as C:\root.cer. (you can view the installed certificates under Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) under your c: drive.

6. Then use the keytool -import command to import the file into your cacerts keystore. 

    For example:-alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer

Enter keystore password: changeit

Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown,

ST=NC, C=US, [email protected]

Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown,

ST=NC, C=US, [email protected]

Serial number: 79805d77eecfadb147e84f8cc2a22106

Valid from: Wed Sep 19 14:15:10 EDT 2001 until: Mon Sep 19 14:23:20 EDT 2101

Certificate fingerprints:

MD5: B6:30:03:DC:6D:73:57:9B:F4:EE:13:16:C7:68:85:09

SHA1: B5:C3:BB:CA:34:DF:54:85:2A:E9:B2:05:E0:F7:84:1E:6E:E3:E7:68

Trust this certificate? [no]: yes

Certificate was added to keystore

7. Now run keytool -list again to verify that your private root certificate was added:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

You will now see a list of all the certificates including the one you just added.

This confirms that your private root certificate has been added to the Extranet server cacerts keystore as a trusted certificate authority.

Archived Comments

1. Thank you! I resolved the issue as you explained.
View Tutorial          By: duy at 2016-09-27 16:50:32

2. 2016 and still useful
Thank you

View Tutorial          By: Amoul at 2016-05-09 08:44:02

3. thank you
View Tutorial          By: ghl at 2016-05-09 07:32:44

4. Very useful. Thank you
View Tutorial          By: kiran at 2015-11-25 12:33:00

5. This is a great idea if I am targeting the required url using Browser interface. I need some assista
View Tutorial          By: Shanthamurthy Hanumantharayappa at 2015-09-14 16:45:22

6. hey what If I'm connecting to a server(XMPP in my case). How shall I get the certificate??
View Tutorial          By: garima at 2015-08-10 13:23:40

7. Amazing tutorial!! This is what I was exactly looking for!. Thanks alot. It works perfectly.!
View Tutorial          By: Sumanth Vaidya at 2015-06-17 18:19:16

8. very useful. Thx
View Tutorial          By: reddy at 2015-05-07 09:58:19

9. Thank you... Helpful :)
View Tutorial          By: Soopy at 2015-03-31 06:24:57

10. hi i unable to retrive am getting below exception while sending email from my server.

View Tutorial          By: vignesh at 2015-03-25 17:14:58

11. hi i unable to retrive am getting below exception while sending email from my server.

View Tutorial          By: vignesh at 2015-03-25 16:57:45

12. Thanks but still facing same error of certificate i.e.

View Tutorial          By: Aditi at 2015-03-23 06:18:26

13. Thanks!
View Tutorial          By: misterTi at 2015-03-18 17:48:41

14. hi,

i'm a jmeter my test i tried to send a mail .it throwing the same pkix er

View Tutorial          By: mahesh at 2015-03-06 16:58:05

15. Very nice.

View Tutorial          By: Kaviya at 2015-02-23 13:48:15

16. Thanks for this tuto , simple and very useful :)
View Tutorial          By: Firas at 2014-11-24 16:49:07

17. Well written article! Thank You ! My maven build issue got solved after following your article!
View Tutorial          By: Nagesh at 2014-11-20 07:44:00

18. Hi,i'm added the certificate to java keystore,But still i'm getting below exception stack.This probl
View Tutorial          By: chakri at 2014-09-18 07:22:41

19. Hey thnx. Solved my "inconvinience" ;P
View Tutorial          By: Hesam Ossanloo at 2013-12-19 15:13:31

20. Thanks, it solved my problem with " PKIX path buildin
View Tutorial          By: haasdg at 2013-10-29 14:12:51

21. give me the code
View Tutorial          By: roger at 2013-10-10 19:44:07

22. BIG Thanks for such wonderful tutorial :) :) :)
View Tutorial          By: dhruva at 2013-07-10 08:56:27

23. really worked well...!!!!
View Tutorial          By: Free Picks Report at 2013-07-01 22:51:11

24. Thank you very much. This is the easiest and also the best way.
View Tutorial          By: Mehmet Ãœsküp at 2013-06-17 21:08:08

25. works too with deepnet security platform as to import ssl CA certificates from local PKI
View Tutorial          By: biloute at 2013-05-29 11:04:51

26. You have simply saved my life. After 2 days dealing with this problem this tutorial was the only one
View Tutorial          By: Mário Buratto at 2013-01-11 19:54:36

27. Thanks very much....its very simple explained.....thanks a lot.....
View Tutorial          By: nizam at 2012-12-17 09:43:11

28. Awesome and straight forward
View Tutorial          By: Nag at 2012-11-07 23:47:10

29. Thanks very much, this helped alot.
View Tutorial          By: Steve at 2012-10-09 21:09:16

30. What about for an iPad and iPhone!
View Tutorial          By: Kamalakannan at 2012-09-21 06:10:39

31. This post is very helpful. I run into the same errors others posted in the comments and the followin
View Tutorial          By: Denis Wang at 2012-09-18 19:38:04

32. Hi. I put the file .cert in two paths:

View Tutorial          By: ALFREDO at 2012-09-18 16:22:16

33. really worked well...!!!!
View Tutorial          By: Neelanjana at 2012-09-14 06:07:06

34. Thank you. This is really awesome... Helped us a lot
View Tutorial          By: Shivakumar at 2012-09-12 15:23:21

35. Don't you just love people who all assume we use windows......

C: drive... whats that

View Tutorial          By: Alan at 2012-08-01 09:10:26

36. Thanks man, really helped me a lot!
View Tutorial          By: Anderson at 2012-07-17 20:20:32

37. Nice post,you can also see how to export the certificates using a firefox here - http://atgtipsandtw
View Tutorial          By: Sebastian at 2012-05-18 18:27:09

38. Very Helpful.
View Tutorial          By: nfahem at 2012-05-09 10:50:29

39. Thanks it did help to get complete clarity
View Tutorial          By: Vivek The Great at 2012-05-07 17:31:32

40. Great Help...
View Tutorial          By: adity at 2012-04-27 05:34:26

41. Unable to connect with https:\\localhost:8443 but i can with 8080
My Enviroment is :

View Tutorial          By: gopala krishna at 2012-04-02 07:17:09

42. There is 3rd Party webservices hosted over HTTPS, while consuming webservice i am facing SSL handsha
View Tutorial          By: Ankur at 2012-02-24 16:49:59

43. Thank you very much you resolved my issue.
View Tutorial          By: ketan at 2012-02-01 11:16:47

44. Hi. When i click on Install certificate. It tells "The Import was successfull". And when i
View Tutorial          By: jaris at 2011-10-18 11:00:41

45. I've managed to solve this editing WEB-INF/components.xml on the <mail> tag. I've added: tls=&
View Tutorial          By: Luiz Felipe at 2011-10-14 14:10:13

46. Simply perfect, thanks very much
View Tutorial          By: luca200 at 2011-10-13 16:06:41

47. Thanks a lot lot lot for this, but when I run the application from the IDE e doesn't dive any except
View Tutorial          By: Kedjimo at 2011-10-06 06:13:10

48. @Zaffa, in this case, the server your clients are connecting to is your server and you dont have a v
View Tutorial          By: Manny at 2011-09-23 07:08:57

49. Dude, you made my day.
View Tutorial          By: Sebastián at 2011-08-29 14:01:10

50. Thanks, very helpful. Worked perfectly.
View Tutorial          By: Bob Knob at 2011-07-27 18:22:18

51. I dont want my client using my application to do all the steps you mentioned. Is there any other way
View Tutorial          By: zaffa at 2011-07-27 06:52:09

52. hi,
How to create certificate from https://.... url which does not provide the certificate
View Tutorial          By: CN Balu Ramesh at 2011-07-19 08:38:31

53. hi,
How to create certificate from https://.... url which does not provide the certificate
View Tutorial          By: CN Balu Ramesh at 2011-07-19 08:37:32

54. Thanks a lot for this very fruitful and amazingly fast
View Tutorial          By: Gaurav Saxna at 2011-06-15 06:20:18

55. Thanks a lot lot lot for this... u saved me...
View Tutorial          By: Sourabh Idoorkar at 2011-06-10 04:25:10

56. Thank you, you save my day!!
View Tutorial          By: jano at 2011-05-26 17:20:47

57. Awesome work! Ramlak, thank you for your help!
View Tutorial          By: ico at 2011-03-21 04:23:11

58. This is very useful
View Tutorial          By: Ravi at 2011-03-08 00:56:27

59. Your solution has really helped me and educated me. Thanks for the tips. :-)
View Tutorial          By: Tziq at 2011-01-25 08:06:06

60. Really a very important and helpful article. The method of describing the things is just awesome....
View Tutorial          By: Sahil Akhunji at 2011-01-22 03:39:12

61. That did work superbly. All I needed to restart my server to make it work. Thanks much
View Tutorial          By: kvk at 2011-01-19 10:02:57

62. Thank you very much. Very useful. You are the best....
View Tutorial          By: lin at 2011-01-19 00:09:35

63. Thank you very much..
This helped me a lot.

View Tutorial          By: Rabeea AS at 2010-11-15 00:28:29

64. Excellent!!!
View Tutorial          By: Leandro at 2010-10-27 11:28:36

65. Thank you so much.. That was quite helpful and informative!!
View Tutorial          By: alkalaji at 2010-10-25 04:19:37

66. Nice way explanation!...

View Tutorial          By: Fathullah at 2010-09-28 14:58:19

67. hi, Thanks to the post.
I am stuck on step 2. the warning dialog is not getting when try the

View Tutorial          By: david_david at 2010-08-21 01:10:19

68. Really great way of explanation..... :)

View Tutorial          By: akram at 2010-07-08 04:07:17

69. Thanks
muchas gracias

View Tutorial          By: Alfredo at 2010-05-31 09:00:36

70. Your solution is really helped me. Thanks for your information.
View Tutorial          By: Rajakumar at 2010-05-31 06:05:53

71. Thanks
Your solution helped me a lot :)

View Tutorial          By: sendhil at 2010-05-28 01:12:41

72. Thank you it saved me
View Tutorial          By: Sri at 2010-05-18 11:11:46

73. Your post was very informative... Thanks a lot. My problem finally got solved
View Tutorial          By: Rohit Shaw at 2010-04-12 04:29:02

74. excellent, very clear, thx!!!
View Tutorial          By: ma at 2010-04-07 07:42:47

75. Thanks a lot! simple and clear explanation! Great!
View Tutorial          By: Fabio Henrique at 2010-03-29 15:23:56

76. Thanks. But I've also had to use $JAVA_HOME/jre/lib/security/cacerts
Thanks Martin Zeltner!

View Tutorial          By: Alex at 2010-03-15 04:17:09

77. This is by far the easiest way I have yet seem, many thanks. I was continually messing around trying
View Tutorial          By: doahh at 2010-03-08 11:23:48

78. But I have the same error ("
View Tutorial          By: azeemuddin at 2010-03-04 07:25:33

79. Thank you for your help !
View Tutorial          By: vadym at 2010-03-03 06:35:01

80. Thank you for Very good article.
View Tutorial          By: Pakornsak S at 2010-02-08 04:35:05

81. Great details you provided here, very straight forward to follow. Cheers.
View Tutorial          By: Jackie Wong at 2010-02-05 10:52:25

82. Hi,

as mentioned on my blog (, one can also create a

View Tutorial          By: Jesper Udby at 2010-01-23 10:21:32

83. Just used successfully so that my build server's Hudson could connect to Jira using
View Tutorial          By: Anthony Pelosi at 2009-12-30 15:52:17

84. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc

View Tutorial          By: Mario at 2009-11-12 07:16:19

85. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc

View Tutorial          By: Mario at 2009-11-12 06:37:08

86. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc

View Tutorial          By: Mario at 2009-11-12 06:37:02

87. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc

View Tutorial          By: Mario at 2009-11-12 06:35:50

88. Hallo.
If I have a self-signed certificate (so I haven't a root certificate),is the same proc

View Tutorial          By: Mario at 2009-11-12 06:35:29

89. Hallo.

And if the certificate is self-signed so I haven't a CA root?


View Tutorial          By: Mario at 2009-11-11 08:42:46

90. Thank you very much for your help!!
View Tutorial          By: Ajay Singh at 2009-10-21 22:17:21

91. Nearly perfect help, but the path I had to use was $JAVA_HOME/jre/lib/security/cacerts instead of $J
View Tutorial          By: Martin Zeltner at 2009-09-15 04:15:19

92. Gracias, it worked.
View Tutorial          By: Eduardo at 2009-09-09 12:16:30

93. A big thanks to Ramlak for the detailed and crisp solution.
View Tutorial          By: Chidanand Gangur at 2009-08-27 06:02:16

94. Thanks, it worked.
View Tutorial          By: Deepak Varier at 2009-08-19 03:38:07

95. Thank you! This article helped me to solve my issuse. your example is clear and great.

View Tutorial          By: nithya at 2009-08-12 03:28:24

96. Thanks a lot Ramlak! This is still very useful after 2 years of original posting today on 9 Aug 200
View Tutorial          By: Jacky at 2009-08-08 23:49:12

97. Your example is clear crisp and very helpful..
View Tutorial          By: sridhar at 2009-08-06 08:41:14

98. Thanks it really works good

View Tutorial          By: vipul at 2009-07-14 02:21:18

99. Muchas gracias por compartir informacion. :)
View Tutorial          By: Anonymous at 2009-05-21 08:48:47

100. Thanks a lot! This really helped!!!
View Tutorial          By: SuperSeppel13 at 2009-04-14 04:25:06

101. Thank you very much!!!

But I have the same error ("

View Tutorial          By: Gemis at 2009-04-14 02:37:08

102. Good ,I like here&#65281; I send gmail with javamail ,hava this exception ,it\'s very bad!
View Tutorial          By: jackhexl at 2009-04-02 03:29:44

103. This is really helpful.
View Tutorial          By: srikanth at 2009-03-11 08:04:04

104. Thanks. Your post was clear and worked perfectly as I stumbled across this problem today.

View Tutorial          By: Suma at 2009-03-05 09:40:08

105. Appriciated, The information is very useful and straight forward even for new developer.
View Tutorial          By: Bala Gummadi at 2009-02-24 10:01:50

106. Thank You So Much ^,^
I get rid of that error

View Tutorial          By: moji junk at 2009-02-24 07:48:19

107. Thankx, the information was of great use, I appreciate the way things are explained
View Tutorial          By: sachin at 2008-12-13 03:37:11

108. So well explained that i thought during about 5 minutes that it would resolve the problem that makes
View Tutorial          By: DesperateUnluckyMan at 2008-11-06 08:11:00

109. Thx, this helped a lot.

How can I Import all the certificates from a old Java version

View Tutorial          By: Marko at 2008-10-09 01:32:37

110. Thank you! This article helped me to solve this problem which I had no idea what to do with.
View Tutorial          By: Stan Devyatovsky at 2008-09-12 05:20:20

111. Great!! But when I use wscompile to create stub,I get the following error :

View Tutorial          By: Baven at 2008-07-22 15:55:52

112. Your post helped me to resolve the SSH exception..Thank you
View Tutorial          By: Ashwini at 2008-07-14 12:47:32

113. Hello, your post helped me a lot with solving my own problem. But I still have some open questions,
View Tutorial          By: Florian Brunner at 2008-06-26 08:59:42

114. Thanks ! I found it very useful !
View Tutorial          By: Rownak Ehsan at 2008-04-29 00:50:10

Most Viewed Articles (in Java Beans )

Latest Articles (in Java Beans)

Comment on this tutorial