I often experience a “PKIX path building failed” issue with the applications I use.
The error message is always something like this:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This issue occurs because the calling application does not have the certificate(s) of the target application. These certificates must be imported into the Java keystore for the two applications to trust each other.
Check the logs of the Java application that is throwing the error and identify the JRE being used. In my case it was: C:\Program Files\Java\jre1.8.0_141\bin>
Using the browser, access the target application and save each certificate to disk. In my case it was: C:\certs\aws_sc17_main.cer.
Next run the keytool command from the previously identified JRE bin folder. In the example below: I made the aliases aws_sc17_main. The keystore password has never been changed so it uses the default “changeit” password. I find its best to specify the keystore file location, sometimes my certs disappear to nowhere land. 😉
I ran the following commands using administrator mode in Windows Command:
keytool -import -storepass changeit -keystore "C:\Program Files\Java\jre1.8.0_141\lib\security\cacerts" -alias aws_sc17_main -file C:\certs\aws_sc17_main.cer
Restart your Java application and you should be good to go!
About the Authors
Each member of Anto's editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic!
Support the Cause
Support Anto Online and buy us a coffee. Anything is possible with coffee and code.