Java sun security provider certpath SunCertPathBuilderException unable to find valid certification path to requested target

Question

I have a class that will download a file from a https server  When I run  it  it returns a lot of errors  It seems that I have a problem with my certificate  Is it possible to ignore the client-server authentication  If so  how   package com da   import java io FileOutputStream  import java io IOException  import java nio CharBuffer  import java util concurrent Future   import org apache http HttpResponse  import org apache http client utils URIUtils  import org apache http impl nio client DefaultHttpAsyncClient  import org apache http nio IOControl  import org apache http nio client HttpAsyncClient  import org apache http nio client methods AsyncCharConsumer  import org apache http nio client methods HttpAsyncGet  import org apache http nio client methods HttpAsyncPost   public class RSDDownloadFile       static FileOutputStream fos       public void DownloadFile String URI  String Request  throws Exception               java net URI uri   URIUtils createURI  https    176 66 3 69 6443   -1   download aspx                    Lang EN amp AuthToken package   null           System out println  URI Query      uri toString              HttpAsyncClient httpclient   new DefaultHttpAsyncClient            httpclient start            try               Future lt Boolean gt  future   httpclient execute                      new HttpAsyncGet uri                       new ResponseCallback    null                Boolean result   future get                if  result    null  amp  amp  result booleanValue                      System out println   nRequest successfully executed                  else                   System out println  Request failed                                                   catch Exception e               System out println   DownloadFile  Exception      e getMessage                       finally               System out println  Shutting down                httpclient shutdown                      System out println  Done                  static class ResponseCallback extends AsyncCharConsumer lt Boolean gt              Override         protected void onResponseReceived final HttpResponse response                 System out println  Response      response getStatusLine                  System out println  Header      response toString                  try                         if response getStatusLine   getStatusCode    200                       fos   new FileOutputStream   Response html                   catch Exception e                    System out println   onResponseReceived  Exception      e getMessage                                        Override         protected void onCharReceived final CharBuffer buf  final IOControl ioctrl  throws IOException               try                               while  buf hasRemaining                                             System out print buf get                         fos write buf get                                    catch Exception e                                System out println   onCharReceived  Exception      e getMessage                                       Override         protected void onCleanup                 try                                            if fos  null                      fos close                 catch Exception e                   System out println   onCleanup  Exception      e getMessage                                         System out println  onCleanup                          Override         protected Boolean buildResult                 return Boolean TRUE                       Errors   URI Query  https   176 66 3 69 6443 download aspx Lang EN amp AuthToken package Aug 2  2011 3 47 57 PM org apache http impl nio client NHttpClientProtocolHandler exception SEVERE  I O error  General SSLEngine problem javax net ssl SSLHandshakeException  General SSLEngine problem     at com sun net ssl internal ssl Handshaker checkThrown Unknown Source      at com sun net ssl internal ssl SSLEngineImpl checkTaskThrown Unknown Source      at com sun net ssl internal ssl SSLEngineImpl writeAppRecord Unknown Source      at com sun net ssl internal ssl SSLEngineImpl wrap Unknown Source      at javax net ssl SSLEngine wrap Unknown Source      at org apache http impl nio reactor SSLIOSession doHandshake SSLIOSession java 154      at org apache http impl nio reactor SSLIOSession isAppInputReady SSLIOSession java 276      at org apache http impl nio client InternalClientEventDispatch inputReady InternalClientEventDispatch java 79      at org apache http impl nio reactor BaseIOReactor readable BaseIOReactor java 161      at org apache http impl nio reactor AbstractIOReactor processEvent AbstractIOReactor java 335      at org apache http impl nio reactor AbstractIOReactor processEvents AbstractIOReactor java 315      at org apache http impl nio reactor AbstractIOReactor execute AbstractIOReactor java 275      at org apache http impl nio reactor BaseIOReactor execute BaseIOReactor java 104      at org apache http impl nio reactor AbstractMultiworkerIOReactor Worker run AbstractMultiworkerIOReactor java 542      at java lang Thread run Unknown Source  Caused by  javax net ssl SSLHandshakeException  General SSLEngine problem     at com sun net ssl internal ssl Alerts getSSLException Unknown Source      at com sun net ssl internal ssl SSLEngineImpl fatal Unknown Source      at com sun net ssl internal ssl Handshaker fatalSE Unknown Source      at com sun net ssl internal ssl Handshaker fatalSE Unknown Source      at com sun net ssl internal ssl ClientHandshaker serverCertificate Unknown Source      at com sun net ssl internal ssl ClientHandshaker processMessage Unknown Source      at com sun net ssl internal ssl Handshaker processLoop Unknown Source      at com sun net ssl internal ssl Handshaker 1 run Unknown Source      at java security AccessController doPrivileged Native Method      at com sun net ssl internal ssl Handshaker DelegatedTask run Unknown Source      at org apache http impl nio reactor SSLIOSession doHandshake SSLIOSession java 180          9 more Caused by  sun security validator ValidatorException  PKIX path building failed  sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to requested target     at sun security validator PKIXValidator doBuild Unknown Source      at sun security validator PKIXValidator engineValidate Unknown Source      at sun security validator Validator validate Unknown Source      at com sun net ssl internal ssl X509TrustManagerImpl checkServerTrusted Unknown Source      at com sun net ssl internal ssl JsseX509TrustManager checkServerTrusted Unknown Source          16 more Caused by  sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to requested target     at sun security provider certpath SunCertPathBuilder engineBuild Unknown Source      at java security cert CertPathBuilder build Unknown Source          21 more onCleanup     DownloadFile  Exception  javax net ssl SSLHandshakeException  General SSLEngine problem Shutting down Done

User · Answer

Quoting from No more  unable to find valid certification path to requested target       when trying to open an SSL connection to a host using JSSE  What this usually means is that the server is using a test certificate  possibly generated using keytool  rather than a certificate from a well known commercial Certification Authority such as Verisign or GoDaddy  Web browsers display warning dialogs in this case  but since JSSE cannot assume an interactive user is present it just throws an exception by default       Certificate validation is a very important part of SSL security  but I am not writing this entry to explain the details  If you are interested  you can start by reading the Wikipedia blurb  I am writing this entry to show a simple way to talk to that host with the test certificate  if you really want to       Basically  you want to add the server s certificate to the KeyStore with your trusted certificates   Try the code provided there  It might help

User · Answer

For Windows only  follow these steps    In Chrome go to settings    In Settings click show advance settings    Under HTTPS SSL Click on Manage Certificates    Export Your Certificate    In Windows searchs  Pressing windows key on keyboard  type java    Select  Configure Java  Option Which will open Java Control Panel   Select Security tab in Java Control Panel   Select Manage Certificates   Click Import   Under  User  tab selected and certificate type as  Trusted Certificates    Click import button and browse to downloaded certificate and import it

User · Answer

Had the issue like this image     Tried a few solutions  But found that even if it s same project  when it s on other one s working place  it s totally fine  No extra settings needed  So we guessed it s an enviroment issue  We tried changing JDK version  IDE but didn t work  it took about 4 hours for investigation  until we tried the top-rated answer  I didn t find the error mentioned in that answer but I found via my browser about HTTP URL  lock  that there was a certification of Charles  Then I realized my charles was on all the time  As long as I turned that off  it s working all fine   So I left my experience that could be helpful for your case

User · Answer

UPDATE  That a reboot helped was coincidental  I hoped so  hooray    The real cause of the problem was this  When Gradle is directed to use a specific  keystore  that keystore must also contain all the official root certificates  Otherwise it cannot access libraries from regular repositories  What I had to do was this   Import the self-signed certificate   keytool -import -trustcacerts -alias myselfsignedcert -file  Users me Desktop selfsignedcert crt -keystore   privateKeystore jks   Add the official root certificates   keytool -importkeystore -srckeystore  lt java-home gt  lib security cacerts -destkeystore   privateKeystore jks   Maybe the Gradle daemon also got in the way  Might be worth killing all running daemons found with   gradlew --status if things start looking bleak   ORIGINAL POSTING   Nobody will believe this  I know  Still  if all else fails  give it a try  After a reboot of my Mac the problem was gone  Grrr   Background    gradlew jar kept giving me  unable to find valid certification path to requested target   I am stuck with a self-signed certificate  saved from browser  imported in privateKeystore jks  Then instructed Gradle to work with privateKeystore jks   org gradle jvmargs -Djavax net debug SSL -Djavax net ssl trustStore   Users me IntelliJ myproject privateKeystore jks   -Djavax net ssl trustStorePassword changeit   As mentioned  this only worked after a reboot

User · Answer

This solved my issue   We need to import the cert onto the local java  If not we could get the below exception        javax net ssl SSLHandshakeException  sun security validator ValidatorException  PKIX path building failed  sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to requested target         at sun security ssl Alerts getSSLException Alerts java 192          at sun security ssl SSLSocketImpl fatal SSLSocketImpl java 1949          at sun security ssl Handshaker fatalSE Handshaker java 302    SSLPOKE is a tool where you can test the https connectivity from your local machine   Command to test the connectivity     JAVA HOME  bin java  SSLPoke  lt hostname gt  443        sun security validator ValidatorException  PKIX path building failed       sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to requested target         at sun security validator PKIXValidator doBuild PKIXValidator java 387          at sun security validator PKIXValidator engineValidate PKIXValidator java 292          at sun security validator Validator validate Validator java 260          at sun security ssl X509TrustManagerImpl validate X509TrustManagerImpl java 324          at sun security ssl X509TrustManagerImpl checkTrusted X509TrustManagerImpl java 229          at sun security ssl X509TrustManagerImpl checkServerTrusted X509TrustManagerImpl java 124          at sun security ssl ClientHandshaker serverCertificate ClientHandshaker java 1496          at sun security ssl ClientHandshaker processMessage ClientHandshaker java 216          at sun security ssl Handshaker processLoop Handshaker java 1026          at sun security ssl Handshaker process record Handshaker java 961          at sun security ssl SSLSocketImpl readRecord SSLSocketImpl java 1062          at sun security ssl SSLSocketImpl performInitialHandshake SSLSocketImpl java 1375          at sun security ssl SSLSocketImpl writeRecord SSLSocketImpl java 747          at sun security ssl AppOutputStream write AppOutputStream java 123          at sun security ssl AppOutputStream write AppOutputStream java 138          at SSLPoke main SSLPoke java 31      Caused by  sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to      requested target         at sun security provider certpath SunCertPathBuilder build SunCertPathBuilder java 141          at sun security provider certpath SunCertPathBuilder engineBuild SunCertPathBuilder java 126          at java security cert CertPathBuilder build CertPathBuilder java 280          at sun security validator PKIXValidator doBuild PKIXValidator java 382              15 more   keytool -import -alias  lt anyname gt  -keystore   JAVA HOME  jre lib security cacerts  -file  lt cert path gt    this would first prompt to  Enter keystore password   changeit is the default password  and finally a prompt  Trust this certificate   no     provide  yes  to add the cert to keystore   Verfication   C  tools gt   JAVA HOME  bin java  SSLPoke  lt hostname gt  443 Successfully connected

User · Answer

first Download the ssl certificate then you can go to your java bin path execute the below command in the console   C  java JDK1 8 0 66-X64 bin gt keytool -printcert -file C  Users lova openapi cer -keystore openapistore

User · Answer

Export the SSL certificate using Firefox  You can export it by hitting the URL in the browser and then select the option to export the certificate  Let s assume the cert file name is your ssl server name crt Go to your JRE HOME bin or JDK JRE bin Type the command  keytool -keystore    lib security cacerts -import -alias your ssl server name -file   relative-path-to-cert-file your ssl server name crt Restart your Java process

User · Answer

As original question was - how to ignore the cert error  here is solution for those using SpringBoot and RestTemplate  Service public class SomeService        private final RestTemplate restTemplate       private final ObjectMapper objectMapper           private static HttpComponentsClientHttpRequestFactory createRequestFactory             try               SSLContextBuilder sslContext   new SSLContextBuilder                sslContext loadTrustMaterial null  new TrustAllStrategy                 CloseableHttpClient client   HttpClients custom   setSSLContext sslContext build    setSSLHostnameVerifier NoopHostnameVerifier INSTANCE  build                HttpComponentsClientHttpRequestFactory requestFactory   new HttpComponentsClientHttpRequestFactory                requestFactory setHttpClient client               return requestFactory            catch  KeyManagementException   KeyStoreException   NoSuchAlgorithmException var3                throw new IllegalStateException  quot Couldn t create HTTP Request factory ignore SSL cert validity   quot   var3                         Autowired     public SomeService RestTemplate restTemplate  ObjectMapper objectMapper            this objectMapper   objectMapper          this dimetorURL   dimetorURL          restTemplate setRequestFactory createRequestFactory                 public ResponseEntity lt ResponseObject gt  sendRequest RequestObject requestObject                          return restTemplate exchange url  HttpMethod GET  ResponseObject class

User · Answer

Simple Steps that I followed  problem  I was trying to connect to an endpoint https    s blob core windows net  using a simple java class main method   So I was getting this certification issue as mentioned above  in the question  Solution   Get the certificate using a browser chrome   To do this paste your endpoint URL in the browser and enter  Now you will see a lock icon  click on that -- gt certificate-- gt  details -- gt  copy to files-- gt  download it   open the cmd i am using windows  as admin and then navigate to the directory where you have downloaded the  cer file    3  Optional If you are using multiple JDK in the same machine then change your JDK version the same as you are using in your application   Now use the below command   keytool -import -alias mycertificate -keystore  quot C  Program Files Java jdk-11 0 5 lib security cacerts quot  -file myurlcrt cer   Give the default password  changeit  Trust this certificate  yes   And you are done  Thanks

User · Answer

In my case I had both keystore and truststore having the same certificate so removing truststore helped  Sometimes the chain of certificates can be an issue if you ve multiple copies of certificates

User · Answer

The source of this error on my Apache 2 4 instance  using a Comodo wildcard certificate  was an incomplete path to the SHA-1 signed root certificate  There were multiple chains in the issued certificate  and the chain leading to a SHA-1 root certificate was missing an intermediate certificate  Modern browsers know how to handle this  but Java 7 doesn t handle it by default  although there are some convoluted ways to accomplish this in code   The result is error messages that look identical to the case of self-signed certificates   Caused by  sun security provider certpath SunCertPathBuilderException  unable to find valid certification path to requested target     at sun security provider certpath SunCertPathBuilder engineBuild SunCertPathBuilder java 196      at java security cert CertPathBuilder build CertPathBuilder java 268      at sun security validator PKIXValidator doBuild PKIXValidator java 380          22 more   In this case  the  unable to find valid certification path to requested target  message is being produced due to the missing intermediate certificate  You can check which certificate is missing using SSL Labs test against the server  Once you find the appropriate certificate  download it and  if the server is under your control  add it to the certificate bundle  Alternatively  you can import the missing certificate locally  Accommodating this issue on the server is a more general solution to the problem

User · Answer

Gabe Martin-Dempesy s answer is helped to me  And I wrote a small script related to it  The usage is very simple   Install a certificate from host     gt  sudo   java-cert-importer sh example com   Remove the certificate that installed already    gt  sudo   java-cert-importer sh example com --delete   java-cert-importer sh     usr bin env bash    Exit on error set -e    Ensure script is running as root if     EUID  -ne 0     then echo  WARN  Please run as root  sudo     exit 1 fi    Check required commands command -v openssl  gt  dev null 2 gt  amp 1      echo  Required command  openssl  not installed  Aborting    gt  amp 2  exit 1    command -v keytool  gt  dev null 2 gt  amp 1      echo  Required command  keytool  not installed  Aborting    gt  amp 2  exit 1       Get command line args host  1  port   2 -443   deleteCmd   3 -  2      Check host argument if       host     then cat  lt  lt  EOF Please enter required parameter s   usage     java-cert-importer sh  lt host gt     lt port gt    default 443     -d   --delete    EOF exit 1 fi   if     JAVA HOME     then     javahome   JAVA HOME  elif      OSTYPE      linux-gnu      then   Linux     javahome   readlink -f   which java    sed  s bin java     elif      OSTYPE      darwin       then   Mac OS X     javahome     usr libexec java home  jre  fi  if       javahome     then     echo  WARN  Java home cannot be found       exit 1 elif     -d   javahome     then     echo  WARN  Detected Java home does not exists   javahome      exit 1 fi  echo  Detected Java Home   javahome     Set cacerts file path cacertspath   javahome  lib security cacerts cacertsbackup    cacertspath     backup   if       deleteCmd      -d           deleteCmd      --delete       then     sudo keytool -delete -alias   host  -keystore   cacertspath  -storepass changeit     echo  Certificate is deleted for   host       exit 0 fi    Get host info from user  read -p  Enter server host  E g  example com      host  read -p  Enter server port  Default 443      port    create temp file tmpfile   tmp   host     crt     Create java cacerts backup file cp   cacertspath    cacertsbackup   echo  Java CaCerts Backup    cacertsbackup      Get certificate from speficied host openssl x509 -in  lt  openssl s client -connect   host    port  -prexit 2 gt  dev null  -out   tmpfile     Import certificate into java cacerts file sudo keytool -importcert -file   tmpfile  -alias   host  -keystore   cacertspath  -storepass changeit    Remove temp certificate file rm   tmpfile     Check certificate alias name  same with host  that imported successfully result   keytool -list -v -keystore   cacertspath  -storepass changeit   grep  Alias name    host       Show results to user if     result     then     echo  Success  Certificate is imported to java cacerts for   host    else     echo  Error  Something went wrong   fi

User · Answer

For those who like Debian and prepackaged Java   sudo mkdir  usr share ca-certificates test     don t mess with other certs sudo cp   tmp test loc crt  usr share ca-certificates test  sudo dpkg-reconfigure --force ca-certificates    check your cert in curses GUI  sudo update-ca-certificates --fresh --verbose   Don t forget to check  etc default cacerts for     enable disable updates of the keystore  etc ssl certs java cacerts cacerts updates yes   To remove cert   sudo rm  usr share ca-certificates test test loc crt sudo rm  etc ssl certs java cacerts sudo update-ca-certificates --fresh --verbose

User · Answer

I was able to get it working with code only  i e  no need to use keytool   import com netflix config DynamicBooleanProperty  import com netflix config DynamicIntProperty  import com netflix config DynamicPropertyFactory  import org apache http client config RequestConfig  import org apache http config Registry  import org apache http config RegistryBuilder  import org apache http conn ssl SSLContexts  import org apache http conn ssl TrustStrategy  import org apache http conn ssl X509HostnameVerifier  import org apache http impl nio client CloseableHttpAsyncClient  import org apache http impl nio client HttpAsyncClients  import org apache http impl nio conn PoolingNHttpClientConnectionManager  import org apache http impl nio reactor DefaultConnectingIOReactor  import org apache http impl nio reactor IOReactorConfig  import org apache http nio conn NoopIOSessionStrategy  import org apache http nio conn SchemeIOSessionStrategy  import org apache http nio conn ssl SSLIOSessionStrategy   import javax net ssl SSLContext  import javax net ssl SSLException  import javax net ssl SSLSession  import javax net ssl SSLSocket  import java io IOException  import java security cert CertificateException  import java security cert X509Certificate   public class Test       private static final DynamicIntProperty MAX TOTAL CONNECTIONS   DynamicPropertyFactory getInstance   getIntProperty  X total connections   40       private static final DynamicIntProperty ROUTE CONNECTIONS   DynamicPropertyFactory getInstance   getIntProperty  X total connections   40       private static final DynamicIntProperty CONNECT TIMEOUT   DynamicPropertyFactory getInstance   getIntProperty  X connect timeout   60000       private static final DynamicIntProperty SOCKET TIMEOUT   DynamicPropertyFactory getInstance   getIntProperty  X socket timeout   -1       private static final DynamicIntProperty CONNECTION REQUEST TIMEOUT   DynamicPropertyFactory getInstance   getIntProperty  X connectionrequest timeout   60000       private static final DynamicBooleanProperty STALE CONNECTION CHECK   DynamicPropertyFactory getInstance   getBooleanProperty  X checkconnection   true        public static void main String   args  throws Exception                SSLContext sslcontext   SSLContexts custom                    useTLS                    loadTrustMaterial null  new TrustStrategy                                          Override                     public boolean isTrusted X509Certificate   chain  String authType  throws CertificateException                                               return true                                                            build            SSLIOSessionStrategy sslSessionStrategy   new SSLIOSessionStrategy sslcontext  new AllowAll              Registry lt SchemeIOSessionStrategy gt  sessionStrategyRegistry   RegistryBuilder  lt SchemeIOSessionStrategy gt create                    register  http   NoopIOSessionStrategy INSTANCE                   register  https   sslSessionStrategy                   build             DefaultConnectingIOReactor ioReactor   new DefaultConnectingIOReactor IOReactorConfig DEFAULT           PoolingNHttpClientConnectionManager connectionManager   new PoolingNHttpClientConnectionManager ioReactor  sessionStrategyRegistry           connectionManager setMaxTotal MAX TOTAL CONNECTIONS get             connectionManager setDefaultMaxPerRoute ROUTE CONNECTIONS get              RequestConfig requestConfig   RequestConfig custom                    setSocketTimeout SOCKET TIMEOUT get                     setConnectTimeout CONNECT TIMEOUT get                     setConnectionRequestTimeout CONNECTION REQUEST TIMEOUT get                     setStaleConnectionCheckEnabled STALE CONNECTION CHECK get                     build             CloseableHttpAsyncClient httpClient   HttpAsyncClients custom                    setSSLStrategy sslSessionStrategy                   setConnectionManager connectionManager                   setDefaultRequestConfig requestConfig                   build             httpClient start                use httpClient               private static class AllowAll implements X509HostnameVerifier                Override         public void verify String s  SSLSocket sslSocket  throws IOException                      Override         public void verify String s  X509Certificate x509Certificate  throws SSLException              Override         public void verify String s  String   strings  String   strings2  throws SSLException                      Override         public boolean verify String s  SSLSession sslSession                        return true

User · Answer

Here s what reliably works for me on macOS  Make sure to replace example com and 443 with the actual hostname and port you re trying to connect to  and give a custom alias  The first command downloads the provided certificate from the remote server and saves it locally in x509 format  The second command loads the saved certificate into Java s SSL trust store   openssl x509 -in  lt  openssl s client -connect example com 443 -prexit 2 gt  dev null  -out   example crt sudo keytool -importcert -file   example crt -alias example -keystore    usr libexec java home  jre lib security cacerts -storepass changeit

User · Answer

There is a lot of way to solve this     One way is set the TrustStore certificates in a keystore file and put it in the path of the application  and set these system properties in the main method   public static void main String   args      System setProperty  javax net ssl trustStore    trust-store jks      System setProperty  javax net ssl trustStorePassword    TrustStore              Other way is place the keystore as resource file inside the project jar file and load it   public static SSLContext createSSLContext String resourcePath  String pass  throws NoSuchAlgorithmException  KeyStoreException  IOException  CertificateException  UnrecoverableKeyException  KeyManagementException        initialise the keystore   final char   password   pass toCharArray      KeyStore ks   KeyStore getInstance  JKS      ks load ThisClass class getResourceAsStream resourcePath      password         Setup the key manager factory    KeyManagerFactory kmf   KeyManagerFactory getInstance  SunX509      kmf init ks  password         Setup the trust manager factory    TrustManagerFactory tmf   TrustManagerFactory getInstance  SunX509      tmf init ks      SSLContext sslc   SSLContext getInstance  TLS      sslc init kmf getKeyManagers    tmf getTrustManagers    null     return sslc     public static void main String   args      SSLContext setDefault      createSSLContext   trust-store jks    TrustStore               In windows you can try this solution too  https   stackoverflow com a 59056537 980442    I created the keystore file from a Certificate authority CA  crt file in this way   keytool -import -alias ca -keystore trust-store jks -storepass TrustStore -trustcacerts -file ca crt   FYI  https   docs oracle com javadb 10 8 3 0 adminguide cadminsslclient html

User · Answer

I had the same problem with the certificates error and was because of SNI  and http client that I used didn t had SNI implemented  So an version update did the job      lt dependency gt           lt groupId gt org apache httpcomponents lt  groupId gt           lt artifactId gt httpclient lt  artifactId gt           lt version gt 4 3 6 lt  version gt       lt  dependency gt

User · Answer

The problem appears when your server has self signed certificate  To workaround it you can add this certificate to the list of trusted certificates of your JVM    In this article author describes how to fetch the certificate from your browser and add it to cacerts file of your JVM  You can either edit JAVA HOME jre lib security cacerts file or run you application with -Djavax net ssl trustStore parameter  Verify which JDK JRE you are using too as this is often a source of confusion   See also  How are SSL certificate server names resolved Can I add alternative names using keytool  If you run into java security cert CertificateException  No name matching localhost found exception

User · Answer

This can also be caused by using GoDaddy certs with Java 7 that are signed using SHA2   Chrome and all other browsers are starting to deprecate SSL certs that are signed using SHA1  as it s not as secure    More info on the issue can be found here  as well as how to resolve it on your server if you need to now

User · Answer

Make sure that the https   176 66 3 69 6443  have a valid certificate  you can check it via browser firstly  if it works in browser it will work in java   that is working for me

User · Answer

I had the same issue with a valid signed wildcard certificate from symantec   First try running your java application with -Djavax net debug SSL to see what is really going on   I ended up importing the intermediate certificate which was causing the cert chain to break   I downloaded the missing intermediate cert from symantec  you can see the download link to the missing cert in the ssl handshake log  http   svrintl-g3-aia verisign com SVRIntlG3 cer in my case    And I imported the cert in the java keystore  After importing the intermediate certificate my wildcard ssl cert finally started working   keytool -import -keystore    jre lib security cacerts -trustcacerts -alias  VeriSign Class 3 International Server CA - G3  -file  pathto SVRIntlG3 cer

User · Answer

You have two options  import the self-signed cert into java s keystore for each jvm the software will run on or try the non-validating ssl factory   jdbc postgresql   myserver com 5432 mydatabasename ssl true amp sslfactory org postgresql ssl NonValidatingFactory

User · Answer

In my case I m running MacOs High Sierra with Java 1 6  The cacert file is in a different location than referenced above in Gabe Martin-Dempesy s answer  The cacert file was also already linked to another location   Library Internet Plug-Ins JavaAppletPlugin plugin Contents Home lib security cacerts     Using FireFox  I exported the certificate from the web site in question to a local file called  exportedCertFile crt   From there  I used keytool to move the certificate into the cacert file  This fixed the problem   bash-3 2  cd  Library Java JavaVirtualMachines 1 6 0 jdk Contents Home lib security  bash-3 2  keytool -importcert -file   exportedCertFile crt -alias example -keystore cacerts -storepass changeit

User · Answer

AVG version 18 1 3044  with Windows 10  interfer with my local Spring application    Solution  enter in AVG section called  Web and email  and disable the  email protection   AVG block the certificate if the site isn t secure

[java] Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Examples related to java

Examples related to ssl

Examples related to https

Examples related to ssl-certificate