Databases
StackOverflow2013
Postsdbo
POResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
    primarykey
    data
    text
    <p><strong>Edit :-</strong> Tried to format the question and accepted answer in more presentable way at mine <strong><a href="https://tech-geek-passion.blogspot.com/2017/09/how-to-resolve-javaxnetsslsslhandshakee.html" rel="noreferrer">Blog</a></strong> </p> <p>Here is the original issue:-</p> <p>I am getting this error</p> <blockquote> <p>detailed message sun.security.validator.ValidatorException: PKIX path building failed:<br> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</p> <p>cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</p> </blockquote> <p>i am using tomcat 6 as webserver. i have two https webbapplication installed on different tomcat on differte port but on same machine. Say <code>App1(port 8443)</code> and <code>App2(port 443)</code>. <code>App1</code> connects to <code>App2</code> .When <code>App1</code> connects to <code>App2 i</code> get above error. I know this is very common error so came across many solutions on different forums and sites. I have below entry in <code>server.xml</code> of both tomcat i.e</p> <pre><code>keystoreFile="c:/.keystore" keystorePass="changeit" </code></pre> <p>Every site says the same reason that certificate given by app2 is not in the trusted store of app1 jvm. This seems to be true also when i tired to hit the same URL in IE browser, it works(with warming, There is a problem with this web site's security certificate. here i say continue to this website) But when same url is hit by java client(in my case). So i get the above error. So to put it in trustore i tried these tree options i.e</p> <p><strong>Option1</strong></p> <pre><code>System.setProperty("javax.net.ssl.trustStore", "C:/.keystore"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); </code></pre> <p><strong>Option2</strong> Setting below in environment variable</p> <pre><code>CATALINA_OPTS -- param name -Djavax.net.ssl.trustStore=C:\.keystore -Djavax.net.ssl.trustStorePassword=changeit ---param value </code></pre> <p><strong>Option3</strong> Setting below in environment variable</p> <pre><code>JAVA_OPTS -- param name -Djavax.net.ssl.trustStore=C:\.keystore -Djavax.net.ssl.trustStorePassword=changeit ---param value </code></pre> <p><strong>But nothing worked</strong> .</p> <p><strong>What at last worked</strong> is executing the java approach suggested in <a href="https://stackoverflow.com/questions/1828775/httpclient-and-ssl">How to handle invalid SSL certificates with Apache HttpClient?</a> by Pascal Thivent i.e executing the program InstallCert. </p> <p><strong>But this approach is fine for devbox setup but i can not use it at production environment.</strong> </p> <p>I am wondering why three approaches mentioned above did not work when i have mentioned same values in <code>server.xml</code> of <code>app2</code> server and same values in truststore by setting</p> <p><code>System.setProperty("javax.net.ssl.trustStore", "C:/.keystore") and System.setProperty("javax.net.ssl.trustStorePassword", "changeit");</code></p> <p>in <code>app1</code> program.</p> <p>For more information this is how i am making the connection</p> <pre><code>URL url = new URL(urlStr); URLConnection conn = url.openConnection(); if (conn instanceof HttpsURLConnection) { HttpsURLConnection conn1 = (HttpsURLConnection) url.openConnection(); conn1.setHostnameVerifier(new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }); reply.load(conn1.getInputStream()); </code></pre>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USM Sach
    1. USM Sach
    plurals
    1. PL
      singulars
      1. LTLinked
    1. PL
      singulars
      1. LTLinked
    2. PL
      singulars
      1. LTLinked
    3. PL
      singulars
      1. LTDuplicate
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
      1. USStuart Siegler
      1. VTFavorite
    2. VO
      singulars
      1. POResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
      1. This table or related slice is empty.
      1. VTUpMod
    1. COpossible duplicate of [HttpClient and SSL](http://stackoverflow.com/questions/1828775/httpclient-and-ssl)
      singulars
      1. POResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
      1. USuser207421
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload