Sunday, April 15, 2018

Unable to Find Valid Certification Path to Requested Target while using Java on Server

Maybe you also faced an issue like below

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://www.google.com":sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:557)

It is because the certificate used by the HTTPS URL doesn’t exist in the Java Keystore. Hence, the SSL validation fails.


We can fix it downloading and adding site's certificate to Java keystore. Please follow below steps:






Save Exported file by name for example "google.cer". Now in terminal check is JAVA_HOME defined or not using below command
# echo $JAVA_HOME

If not defined above command will return empty string, in that case define it using
# export JAVA_HOME=/usr/java/jdk.1.8.0_12
# export PATH=$PATH:$JAVA_HOME

Now you can set certificate for your Java using below command

# sudo keytool -import -trustcacerts -file /path/to/google.cer -alias google -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

if keytool not found then move to (cd) "$JAVA_HOME/bin" and execute command again.
That is all you need to force java accept and work with Https site


You can remove defined certs from your Java as well using below command:

# sudo keytool -delete -alias google -keystore $JAVA_HOME/jre/lib/security/cacerts

No comments:

Post a Comment