SunCertPathBuilderException: unable to find valid certification path to requested target

Before reading this tutorial please go through the tutorial using SSL with jax-ws webservice

Download the InstallCert.java from  http://blogs.sun.com/andreas/resource/InstallCert.java

Install the InstallCert.java

1. Compile the class using “javac InstallCert.java” in command prompt
2. Execute the command “java InstallCert localhost:8443” in command prompt

After installation, now you will get following output in command prompt

Loading KeyStore C:\Program Files\Java\jre6\lib\security\cacerts...
Opening connection to localhost:8443...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at InstallCert.main(InstallCert.java:91)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:186)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
        ... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 17 more

Server sent 1 certificate(s):

 1 Subject CN=roytuts.com, OU=development, O=roytuts.com, L=kolkata, ST=west bengal, C=IN
   Issuer  CN=roytuts.com, OU=development, O=roytuts.com, L=kolkata, ST=west bengal, C=IN
   sha1    7d 9a b2 58 00 6e 55 32 4a 79 86 8d d2 7e 68 2f 79 5f 97 bd
   md5     33 88 04 e1 4f 31 94 15 62 51 32 7b 9b 00 9b ab

Enter certificate to add to trusted keystore or 'q' to quit: [1]
1

[
[
  Version: V3
  Subject: CN=roytuts.com, OU=development, O=roytuts.com, L=kolkata, ST=west bengal, C=IN
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 154719471973799292295356704051976042241676287444818032384653427783592381013461082572562570460773835220354435203406594426882263797433089379948326161667812793053415142673295528183982152720315138523945782651811724184988552950388428600970747854960026950085085234994666081871489334090335488382196235968036333195373
  public exponent: 65537
  Validity: [From: Tue Jun 10 11:27:07 IST 2014,
               To: Mon Sep 08 11:27:07 IST 2014]
  Issuer: CN=roytuts.com, OU=development, O=roytuts.com, L=kolkata, ST=west bengal, C=IN
  SerialNumber: [    53969e33]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 55 45 FD DC 1A 9F 18 5F   AA 73 65 3B B9 C5 1C B6  UE....._.se;....
0010: 06 E2 55 08 A4 E0 C4 A5   7B 85 DC B0 AD C0 64 58  ..U...........dX
0020: 31 83 DC 40 1E 8F B9 60   D7 FE 68 DE FE E2 79 9F  1..@...`..h...y.
0030: 6C A9 51 01 B5 95 A8 7D   0D 9B 2A 28 F7 81 C8 55  l.Q.......*(...U
0040: 73 00 5B D4 DB E8 A2 84   DC 9A 05 D8 47 38 BB F2  s.[.........G8..
0050: 40 58 6C 9D CE 29 13 E7   07 44 B8 42 00 0F 7C B7  @Xl..)...D.B....
0060: 68 DF 08 D4 CB B2 6A 96   F7 23 D6 1A D5 27 C5 ED  h.....j..#...'..
0070: 1D 41 B3 85 A8 AE 07 97   42 9C 2D 6B AE 8D 20 81  .A......B.-k.. .

]

Added certificate to keystore 'jssecacerts' using alias 'localhost-1'

 

Now check whether certificate added to the keystore using “java InstallCert localhost:8443” in command prompt. You will get the following output.

Loading KeyStore jssecacerts...
Opening connection to localhost:8443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject CN=roytuts.com, OU=development, O=roytuts.com, L=kolkata, ST=west bengal, C=IN
   Issuer  CN=roytuts.com, OU=development, O=roytuts.com, L=kolkata, ST=west bengal, C=IN
   sha1    7d 9a b2 58 00 6e 55 32 4a 79 86 8d d2 7e 68 2f 79 5f 97 bd
   md5     33 88 04 e1 4f 31 94 15 62 51 32 7b 9b 00 9b ab

Enter certificate to add to trusted keystore or 'q' to quit: [1]

 

So from the above output it’s obvious that certificate already added to the keystore.

Now certificate file “jssecacerts” has been generated at the same location where you have put the InstallCert.java file. So copy jssecacerts to the $JAVA_HOME\jre6\lib\security directory.

Now run webservice client again. It should work.

Soumitra Roy Sarkar

I am a professional Web developer, Enterprise Application developer, Software Engineer and Blogger. Connect me on Roy Tutorials Twitter Facebook  Google Plus Linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *