JAVA EXAMPLE PROGRAMS


SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target


If you get the exception below, the web server or URL you are connecting to does not have a valid certificate from an authorized CA, meaning the JVM could not build a chain from the server's certificate to a CA in its trust store. This page shows how to create a trusted key store to solve this issue.

stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
	PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
	unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)

Download the InstallCert.java utility from Sun to add the server's certificate to the KeyStore.

Compile InstallCert.java with the command below, which creates the .class files.

javac InstallCert.java

Run the InstallCert class with your domain name, and press Enter whenever it asks for input. It adds the certificate of the requested domain to a trusted keystore and generates a file called "jssecacerts".

java2novice$ java InstallCert java2novice.com
Loading KeyStore /System/Library/Java/1.6.0.jdk/Contents/Home/lib/security/jssecacerts...
Opening connection to java2novice.com:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 2 certificate(s):

 1 Subject CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
   Issuer  CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
   sha1    d6 1f 75 62 67 69 84 1f a4 11 2f bb 03 54 1e 69 61 fa a1 44 
   md5     74 ea 58 4a b4 18 0c e1 49 88 41 af da aa 24 f5 

 2 Subject CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
   Issuer  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
   sha1    b9 ee 85 a1 0f d4 95 d9 94 ed 63 48 8a b7 4a 18 cb 8e 6b fa 
   md5     65 0b ea 04 19 77 80 e1 d0 0d 24 e8 dc 91 8a 15 

Enter certificate to add to trusted keystore or 'q' to quit: [1]


[
[
  Version: V3
  Subject: CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  public exponent: 65537
  Validity: [From: Sat Oct 11 15:38:15 GMT+05:30 2014,
               To: Mon Oct 12 15:38:15 GMT+05:30 2015]
  Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    11219734 823ff1f5 54008b32 1506c7e6 9993]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsorganizationvalg2.crt, 
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp2.globalsign.com/gsorganizationvalg2]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5D 46 B2 8D C4 4B 74 1C   BB ED F5 73 B6 3A B7 38  ]F...Kt....s.:.8
0010: 8F 75 9E 7E                                        .u..
]

]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gs/gsorganizationvalg2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: ssl2000.cloudflare.com
  DNSName: cloudflare.com
  DNSName: *.cloudflare.com
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1F A5 37 C4 B2 08 68 FB   FC BD CA 75 67 38 BA 8C  ..7...h....ug8..
0010: 5B 4D 6B DE                                        [Mk.
]
]

]
  Algorithm: [SHA1withRSA]

]

Added certificate to keystore 'jssecacerts' using alias 'java2novice.com-1'
java2novice$ 

Move the jssecacerts file to the $JAVA_HOME\jre\lib\security folder. The problem is now solved, and you will not get this exception again.
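A jssecacerts file in the JRE security folder is used as the default trust store by every application on that JRE. As an added example (not part of InstallCert or of the original article), the class below trusts one certificate for a single SSLContext only, and only after its SHA-256 fingerprint matches a value obtained from the server's operator out of band. The class name ScopedTrust, the alias "pinned-server" and the command-line arguments are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example; class name, alias and arguments are hypothetical.
public class ScopedTrust {
    // Lowercase hex SHA-256 of the certificate's DER encoding.
    static String sha256Hex(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // SSLContext whose only trust anchor is the given certificate.
    static SSLContext contextTrusting(X509Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store; the JRE's files are untouched
        ks.setCertificateEntry("pinned-server", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <cert file, PEM or DER> <expected SHA-256 fingerprint> [https URL]
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String expected = args[1].replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
        if (!expected.equals(sha256Hex(cert)))
            throw new SecurityException("Fingerprint mismatch: " + sha256Hex(cert));
        cert.checkValidity(); // reject expired or not-yet-valid certificates
        SSLContext ctx = contextTrusting(cert);
        System.out.println("Trusting only " + cert.getSubjectX500Principal());
        if (args.length > 2) {
            HttpsURLConnection c = (HttpsURLConnection) new URL(args[2]).openConnection();
            c.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println("HTTP " + c.getResponseCode());
        }
    }
}
```

HttpsURLConnection still performs hostname verification, so the pinned certificate must also match the host name in the URL.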


Reference: Java™ Platform Standard Ed. 7 - API Specification | Java is registered trademark of Oracle.
Privacy Policy | Copyright © 2017 by Nataraja Gootooru. All Rights Reserved.