When we deal with calling secure URLs (HTTPS) from Java code we sometimes get SSLHandshakeException.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Why?
If your Java programs throws SSLHandshakeException, it means your Java application is unable to establish a secure connection with the given secure URL. This because the URL you are trying to access have no valid certificate issued from an authorized CA.
Solution
If the application with secure URL is owned by you, or you have control to maintain it, you can add a valid SSL certificate from an authorized CA to that application.
But sometimes it may not work. May be you have no control over the other application, or may be you have control, but you are using a self signed SSL certificate in that application. In such cases you have to add those certificates to your JRE to make it a valid one.
Steps to add SSL Certificate to JRE
- Download SSL certificate (You can skip this step if you already have the certificate)
- Add certificate to JRE
Thats it!
Tips
If you have more than one JREs installed in same system (e.g., have both JDK and JRE installed separately in same system), make sure add certificate to the JRE used to run the application.
Here are some more articles related to SSL.
Thanks. It helped me solve the issue.
Sastrija..
I am having the same error and am really bugged for 3 days..!!! its really screwing me now⦠In my application I have imported the trusted certificate in a different keystore which i am using in my application to trust it. Googled a lot and everyone is suggesting to add the trusted CA in jdk but its not possible since my application can be migrated to a different machine according to the requirement. Can you suggest me a possible solution ? thanks in advance
I am pasting you some of the error log that i am getting..
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
@Shoaib, Please check the following post in my blog, which may help to resolve your issue
http://wp.me/p2wUrz-1c
Hi,
Am also facing same issue, can you help me in solving this issue.
Thanks,
Grani
please help i am also getting this error
βββββββConfiguration: βββββββ
Exception in thread βmainβ javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1706)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:525)
at javax.mail.Service.connect(Service.java:291)
at javax.mail.Service.connect(Service.java:172)
at GoogleMail.Send(GoogleMail.java:93)
at GoogleMail.Send(GoogleMail.java:35)
at GoogleMail.main(GoogleMail.java:100)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1540)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:203)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:197)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:532)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:470)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:837)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1049)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1076)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1060)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:503)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:234)
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1672)
β¦ 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205)
at sun.security.validator.Validator.validate(Validator.java:235)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
β¦ 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:191)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297)
β¦ 22 more
Process completed.
I believe you have already gone through the steps mentioned in this post? Please let me know otherwise.
This is good , but is there a way out for doing the same writing some java codes ?
Please check the following link:
http://k2i.987.mywebsitetransfer.com/2012/07/12/setting-https-certificate-trusted-in-java/
Hi Sastrija.
I am really struggling to come out of this error. I very badly need your belp. This is my email id vbsenthilinnet@gmail.com. Can you drop me a test email
How can I use HTTPS Basic Authentication when I call a SOAP service?
Hi I am getting the same error as shown below:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at RestCall.getResponseFromPSH(RestCall.java:66)
at RestCall.main(RestCall.java:25)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
β¦ 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
I followed the steps. but its not working. Kindly help me to fix it
Are you sure you added the certificate to the correct JRE?
Ah! My application was using JDK6 and I was updating the certificate in JDK8.
Anyway nice & helpful article man!!
I’m running behind this issue for past 1 week. can you please help?
Please send a test email to Sarah.Carlson@gmail.com and I’ll explain the steps I followed.
I really need your help. Please reply at the earliest.
Hello,
Will it help if I install a latest Java version
If you are getting this error with current version of Java, it won’t make any difference if you upgrade Java to latest. You have to follow these steps to add the certificate.
Hi Sastrija,
I am also facing the same issue. I have added the certificate in the correct JDK path as well as my JDK version is 1.8. But still I can see this issue appear again.
I am using jayway rest assured to test API’s.
Hi Leena,
As per the past comments I’ve received, most common issue is having multiple instances of JRE in the server. So please make sure you have only one JRE (including JRE inside JDK bundle) in your machine and certificate is added to it.
You can follow the steps mentioned in this post to check the installed certificates in your JRE.
If you still getting the error, please share the error stacktrace to take a look.