Sunday, April 15, 2018

Unable to Find Valid Certification Path to Requested Target while using Java on Server

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. 
When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. 

Typically, SSL is used to secure credit card transactions, data transfer, and logins, and more recently is becoming the norm when securing browsing of social media sites.

Even now, most the browsers show sites as "Not Secure" when they don't have SSL certificates

Maybe you also faced an issue like below:


org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://www.google.com":sun.security.validator.ValidatorException: 
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target; nested exception 
is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:557)

It is because the certificate used by the HTTPS URL doesn’t exist in the Java Keystore. Hence, the SSL validation fails.

We can fix it downloading and adding site's certificate to Java keystore. Please follow below steps:






Save Exported file by name for example "google.cer". Now in terminal check is JAVA_HOME defined or not using below command
# echo $JAVA_HOME

If not defined above command will return empty string, in that case define it using
# export JAVA_HOME=/usr/java/jdk.1.8.0_12
# export PATH=$PATH:$JAVA_HOME

Now you can set certificate for your Java using below command
# sudo keytool -import -trustcacerts -file /path/to/google.cer -alias google -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

if keytool not found then move to (cd) "$JAVA_HOME/bin" and execute the command again.

That is all you need to force java accept and work with Https site

You can remove defined certs from your Java as well using below command:
# sudo keytool -delete -alias google -keystore $JAVA_HOME/jre/lib/security/cacerts

If you want to go deep and master Java and looking for a cheap course I'd strongly recommend Java Programming Masterclass for Software Developers which is already taken by 300k+ students and has a great rating.

Thanks for reading!

7 comments:

  1. Usually I never comment on blogs but your article is so convincing that I never stop myself to say something about it. You’re doing a great job,Keep it up.

    Try Our Love Spells Removal In Toronto Services and Get All the benefits of it in your life, we make All your Personal problems solved in just minutes.

    ReplyDelete
  2. Buy Farm Fresh seasonal Mango Fruits online at best price. Send Mangoes to all Pakistan like Karachi, Lahore, Islamabad, Rawalpindi, Peshawar, Multan, Faisalabad, Hyderabad and Jhelum on door stepfruitoyepk.

    ReplyDelete
  3. movers and packers in dubai | noorahmedtransports Noor Ahmad Transport is a Mover and Packer service provider in Dubai Marina. Pickup Truck Rental Dubai 1/3 Ton - 7/10 Ton Truck with Tail Lift. Home/Office Shifting, Man with van service in Dubai. Call: 050 651 2943

    ReplyDelete

  4. movers and packers in dubai marina Noor Ahmad Transport is a Mover and Packer service provider in Dubai Marina. Pickup Truck Rental Dubai 1/3 Ton - 7/10 Ton Truck with Tail Lift. Home/Office Shifting, Man with van service in Dubai. Call: 050 651 2943

    ReplyDelete
  5. Thanks For Share With Us, Check Some our Content Also:Write For Us Telemarketing

    ReplyDelete
  6. Encountering the error "Unable to Find Valid Certification Path to Requested Target" indicates issues with the SSL certificate chain validation in Java when communicating with the server, requiring investigation and potential adjustments to the certificate configuration and visit CMODLS one of the best web development company in Dubai offering and providing most authentic and complete services in this domain.

    ReplyDelete