How to fix your “PKIX path building failed” error

Let’s see how you can fix your “PKIX path building failed” error. This error occurs when one application connects to another over HTTPS and the server presents a self-signed certificate.

The error will look something like this:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In case you did not know, the acronym PKIX stands for Public Key Infrastructure X.509.

Issue description

A successful SSL connection between two applications is only possible if the certificates are valid and trusted. Luckily, there is nothing to worry about if you are facing the issue. It is a well-known error message reported by the Java Virtual Machine. This error message is displayed when the Java environment does not have the information it needs about the HTTPS server to verify that it is a trusted website.

The following are the common causes:

  • The most common reason for this error is that the certificate was issued by an internal Root CA or is a self-signed certificate. The Java Virtual Machine cannot validate it because the issuer is not on the Java “Trusted” list.
  • A system firewall can also cause the issue. The firewall restricts the application’s connection to external systems that are unsecured. A valid certificate is required to access external systems.

Solution

You need to download and install the required certificates to fix your “PKIX path building failed” error.

Step 1 – Download the certificate

You can download the certificate using the following steps:

  1. Look for a URL in the error message and paste it to a browser.
  2. Now check if the URL you are visiting is secure. You can do this by looking for a lock icon on the left of the URL.
  3. Once you select the certificate, save the certificate to a file. You can choose DER encoded binary as the file format for the certificate.

At this point, you have now downloaded the certificate. The next step is to install the certificate in your system’s cacerts trust store. The cacerts file is the trust store that Java uses to authenticate peers.

Step 2 – Install the certificate

You will need to use the keytool command to install your certificate.

See the command below:

keytool -importcert -trustcacerts -alias <alias name of the certificate> -file <path where we have saved the certificate> -keystore "<path for the cacerts file>" -storepass changeit

The details will be according to your computer. In our case, the command will be:

keytool -importcert -trustcacerts -alias repo -file C:\temp\repo.cer -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass changeit

Note:

  1. We are using jdk1.8.0_131; as a result, the cacerts file path for our system is “C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts”. This path can be different for you, depending on your system and the JDK version.
  2. We have named our certificate repo, and the path where we save our certificate is C:\temp\repo.cer.
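
A check that fits between Step 1 and Step 2, as an added example that is not part of the original article: compare the SHA-256 fingerprint of the saved DER file with a fingerprint obtained out of band (for example from the server's administrator), and run the import only on a match. It assumes a POSIX shell with sha256sum and keytool on the PATH; the function names and the KEYTOOL variable are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded DER certificate before importing it.
KEYTOOL="${KEYTOOL:-keytool}"   # assumption: keytool of the target JDK is on PATH

# Normalize a fingerprint as displayed by a browser or `keytool -printcert`
# ("AB:CD:..." or "ab cd ...") to bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 over the bytes of the DER file; for a DER-encoded certificate this
# is the certificate's SHA-256 fingerprint. (On macOS use `shasum -a 256`.)
cert_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# import_if_trusted <cert.der> <expected-fingerprint> <alias> <keystore> <storepass>
# Returns 0 after a successful import, 1 on bad input or a fingerprint
# mismatch, and keytool's own status if the import itself fails.
import_if_trusted() {
    cert=$1
    expected=$(normalize_fp "$2")
    cert_alias=$3
    keystore=$4
    storepass=$5
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # A SHA-256 fingerprint is exactly 64 hex digits; reject anything else.
    case $expected in
        ""|*[!0-9a-f]*) echo "expected fingerprint is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected fingerprint is not SHA-256" >&2; return 1; }
    actual=$(cert_sha256 "$cert")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: file has $actual" >&2
        return 1
    fi
    # -noprompt skips keytool's interactive "Trust this certificate?" question,
    # which the fingerprint comparison above replaces.
    "$KEYTOOL" -importcert -trustcacerts -noprompt \
        -alias "$cert_alias" -file "$cert" \
        -keystore "$keystore" -storepass "$storepass"
}
```

After the import, keytool -list -alias <alias> -keystore <keystore> shows the stored entry and its fingerprint, which should match the value you verified.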

Wrapping up

After this detailed guide, we hope you have a clearer picture and better understanding of why this PKIX path-building error occurs and what steps to take to solve it. 

About Anto Online

Anto, a seasoned technologist with over two decades of experience, has traversed the tech landscape from Desktop Support Engineer to enterprise application consultant, specializing in AWS serverless technologies. He guides clients in leveraging serverless solutions while passionately exploring cutting-edge cloud concepts beyond his daily work. Anto's dedication to continuous learning, experimentation, and collaboration makes him a true inspiration, igniting others' interest in the transformative power of cloud computing.