Thursday, March 6, 2014

How to resolve Java SSL certificate error PKIX path building failed

If you found following error while connecting a secure server

"org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

follow the below step to resolve the issue.

Step 1. Go to your Mozilla Firefox and browse the server URL and follow the highlighted steps.


Step 2. Download the certificate by following highlighted steps and save it to location direction with file extension ".crt", e.g: example.crt.

       


Step 3. Now open command prompt with "run as administrator" and run the following command

keytool -import -trustcacerts -file F:\qatoes002.unix.gsm1900.org.crt -alias CA_ALIAS -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

it might ask password if needed then ask server administrator.

Certificate will be store in JDK home. If you are using eclipse IDE for development, make sure you are using same JDK home.




Using Unix Command:


echo -n | openssl s_client -connect HOST:PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert

echo -n | openssl s_client -connect localhost:5116 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert


 /opt/msdp/local/jdk1.8.0_51/bin/keytool -importcert -file /tmp/$SERVERNAME.cert  -keystore keystore1.jks -alias "Alias1"

Reference:
https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores

Do you like this post? Please link back to this article by copying one of the codes below.

URL: HTML link code: BB (forum) link code:
Posted by at 10:06 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)