JAVA EXAMPLE PROGRAMS

JAVA EXAMPLE PROGRAMS

Publish Your Article Here

SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target


If you are getting given below exception means, the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. This page shows how to create trusted key store to solve this issue.

stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
	PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
	unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)

Download InstallCert.java utility from Sun to add the server's certificate to the KeyStore.

Compile InstallCert.java class with below command which will create .class files.

javac InstallCert.java

Run InstallCert class, with your domain name, and press enter whenever asked for your input. It will add your requested domain as a trusted keystore, and generate a file called “jssecacerts“.

java2novice$ java InstallCert java2novice.com
Loading KeyStore /System/Library/Java/1.6.0.jdk/Contents/Home/lib/security/jssecacerts...
Opening connection to java2novice.com:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 2 certificate(s):

 1 Subject CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
   Issuer  CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
   sha1    d6 1f 75 62 67 69 84 1f a4 11 2f bb 03 54 1e 69 61 fa a1 44 
   md5     74 ea 58 4a b4 18 0c e1 49 88 41 af da aa 24 f5 

 2 Subject CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
   Issuer  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
   sha1    b9 ee 85 a1 0f d4 95 d9 94 ed 63 48 8a b7 4a 18 cb 8e 6b fa 
   md5     65 0b ea 04 19 77 80 e1 d0 0d 24 e8 dc 91 8a 15 

Enter certificate to add to trusted keystore or 'q' to quit: [1]


[
[
  Version: V3
  Subject: CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 2179868001399023805459918262369683288759968738161675086787035351459308361569
  0848128614148800516266117861476569092228184059858512948084597947022064397470961865426
  5709093760956491035507206546276252079445480637447514706144335766963539775883217053028
  8336281374967114263789122050850943794555550357063117832790364999469581394805178938336
  7895671962297745636099733952604087823150583081869745154258907544337212909687469590104
  3495194282786962163448293902587249949549135196299458174805288635293859700341919156306
  6529003955759798179643374460421445042457639539925484347078017019281173886896460000580
  2425952553955070116331017958471
  public exponent: 65537
  Validity: [From: Sat Oct 11 15:38:15 GMT+05:30 2014,
               To: Mon Oct 12 15:38:15 GMT+05:30 2015]
  Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    11219734 823ff1f5 54008b32 1506c7e6 9993]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsorganizationvalg2.crt, 
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp2.globalsign.com/gsorganizationvalg2]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5D 46 B2 8D C4 4B 74 1C   BB ED F5 73 B6 3A B7 38  ]F...Kt....s.:.8
0010: 8F 75 9E 7E                                        .u..
]

]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gs/gsorganizationvalg2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: ssl2000.cloudflare.com
  DNSName: cloudflare.com
  DNSName: *.cloudflare.com
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1F A5 37 C4 B2 08 68 FB   FC BD CA 75 67 38 BA 8C  ..7...h....ug8..
0010: 5B 4D 6B DE                                        [Mk.
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 4B E2 35 E5 F1 42 FE B3   1D B4 6C FC 08 66 6E D7  K.5..B....l..fn.
0010: 49 0D A8 8D 65 57 BA 44   5D B4 0A 73 DE BF E5 F8  I...eW.D]..s....
0020: 1F C5 D5 C2 16 BC D0 68   0D A9 D5 02 04 8B 90 64  .......h.......d
0030: 82 7E 2F B9 41 34 CC 40   02 9F 97 B8 25 BF E0 5F  ../.A4.@....%.._
0040: 79 F5 94 2D 02 C6 64 88   56 8C 51 FE CD 23 B0 69  y..-..d.V.Q..#.i
0050: 97 AD 56 D7 96 90 3D 5A   65 B7 5F 04 90 CA 42 7F  ..V...=Ze._...B.
0060: 70 81 5C 50 AA 27 C4 7F   A0 98 A5 CC 94 5D 87 46  p.\P.'.......].F
0070: D0 DB 22 0B E8 80 C8 1B   F6 C2 67 D1 97 87 D4 CA  ..".......g.....
0080: 04 A2 42 E8 C5 33 B1 FD   46 33 38 A2 87 2B 60 FF  ..B..3..F38..+`.
0090: 9D 74 76 78 34 37 0A 75   FE AF B4 5E 2A 0E B3 1A  .tvx47.u...^*...
00A0: 4E A7 7A 97 D8 B9 C2 FD   D6 AD 8E C1 08 1E D8 C8  N.z.............
00B0: AF C2 E7 65 9A 23 87 74   46 D9 CB 8C 4D 2D E7 E5  ...e.#.tF...M-..
00C0: F8 B0 C5 7A 76 F4 68 3F   16 A9 13 5C 77 D6 06 07  ...zv.h?...\w...
00D0: 73 67 BC 03 F0 D0 0F C5   A9 34 DC 09 43 8D 0B 61  sg.......4..C..a
00E0: 5C 49 F8 63 00 7F 73 C0   A3 2A A9 FE AF BE E8 E2  \I.c..s..*......
00F0: 9B CB 9B E2 44 6C 92 ED   28 36 98 6C D9 94 2F 16  ....Dl..(6.l../.

]

Added certificate to keystore 'jssecacerts' using alias 'java2novice.com-1'
java2novice$ 

Move jssecacerts file to $JAVA_HOME\jre\lib\security folder. Now your problem is solved, you no more get this exception again.


Java problems and solutions

  1. Unable to install Java 7 in Eclipse on Mac - Java 7 Mac OS issues
  2. How to change Java (JVM) version in Mac OS? - Java version Mac OS issues
  3. SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
  4. How to merge two jssecacerts files? - Merge key store files
  5. How to write Micro-Benchmark for java Hotspot?
  6. servlet-api-2.5.jar - jar not loaded - tomcat error
  7. How to exclude property files in a jar using Maven
  8. ClassNotFoundException: org.springframework.web.context.ContextLoaderListener
  9. CGLIB is required to process @Configuration classes
  10. Git command to list conflicted files
  11. Where is default localhost folder in Mac OSX?
  12. How to edit hosts file on Mac OSX
  13. How to set up java version in Maven based projects?
  14. How to split a string by new line character in java?
  15. How to configure Spring Boot without the parent POM (spring-boot-starter-parent)?
  16. My Spring boot application is not scaning my components (controllers)
  17. How to download a file in Spring RestController?
  18. How to get convert excel HSSFWorkbook (workbook) into byte array?
  19. How to add Oracle JDBC driver in your Maven local repository
  20. How to add jar file in your Maven local repository using command line?
  21. How to add default value to Spring @Value annotation?
  22. How to route Apache ProxyPass configuration through another proxy server? (Proxy to proxy)
  23. How to disable Maven unit test?
Knowledge Centre
Interface and its usage
Interface is similar to a class which may contain method's signature only but not bodies and it is a formal set of method and constant declarations that must be defined by the class that implements it. Interfaces are useful for declaring methods that one or more classes are expected to implement, capturing similarities between unrelated classes without forcing a class relationship and determining an object's programming interface without revealing the actual body of the class.
Famous Quotations
I don’t know the key to success, but the key to failure is trying to please everybody.
-- Bill Cosby

About Author

I'm Nataraja Gootooru, programmer by profession and passionate about technologies. All examples given here are as simple as possible to help beginners. The source code is compiled and tested in my dev environment.

If you come across any mistakes or bugs, please email me to [email protected].

Most Visited Pages

Other Interesting Sites

Reference: Java™ Platform Standard Ed. 7 - API Specification | Java™ Platform Standard Ed. 8 - API Specification | Java is registered trademark of Oracle.
Privacy Policy | Copyright © 2022 by Nataraja Gootooru. All Rights Reserved.