javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

By: Ramlak Emailed: 1475 times Printed: 1674 times    

Latest comments
By: rohit kumar - how this program is work
By: Kirti - Hi..thx for the hadoop in
By: Spijker - I have altered the code a
By: ali mohammed - why we use the java in ne
By: ali mohammed - why we use the java in ne
By: mizhelle - when I exported the data
By: raul - no output as well, i'm ge
By: Rajesh - thanx very much...
By: Suindu De - Suppose we are executing

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Are you getting this error? This simply means that the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. But however, being a programmer you would want to find out the alternative way to solve this issue.

What you need to do is to import the server certificate and install it in your JDK's keystore. If I am talking greek, its ok. I too just leant this. Just follow these steps and you will be able to get rid of that error.

1. First of all you copy the URL that you are connecting to and paste it in your browser. Let us say you are using IE. Just paste the url in the address bar and press enter.

2. You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.

3. Now that the server certificate is installed in your computer, your browser will not warn you when you visit the same site again. But however your JRE dumb as it is does not yet know about this certificate's existence until you add it to its keystore. Usually you will use the keytool to manage certificates. Keytool is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates. For the complete documentation of keytool,http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

4. You can list the current certificates contained within a keystore using they keytool -list command. The initial password for the cacerts keystore is changeit. For example:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

    Enter keystore password: changeit

    You will then see the something like this:

    Keystore type: jks

    Keystore provider: SUN

    Your keystore contains 11 entries:

    engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry,

    Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16

    thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9

    thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41

    verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D

    thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D

    thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D

      verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry,

      Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10

      verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,

      Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20

    verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93

    thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,

    Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A

    verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,

    Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8

     

5. Now you have to add the previosly installed certificate to this keystore. To add, begin by exporting your CA Root certificate as a DER-encoded binary file and save it as C:\root.cer. (you can view the installed certificates under Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) under your c: drive.

6. Then use the keytool -import command to import the file into your cacerts keystore. 

    For example:-alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer

Enter keystore password: changeit

Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown,

ST=NC, C=US, EmailAddress=you@company.com

Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown,

ST=NC, C=US, EmailAddress=you@company.com

Serial number: 79805d77eecfadb147e84f8cc2a22106

Valid from: Wed Sep 19 14:15:10 EDT 2001 until: Mon Sep 19 14:23:20 EDT 2101

Certificate fingerprints:

MD5: B6:30:03:DC:6D:73:57:9B:F4:EE:13:16:C7:68:85:09

SHA1: B5:C3:BB:CA:34:DF:54:85:2A:E9:B2:05:E0:F7:84:1E:6E:E3:E7:68

Trust this certificate? [no]: yes

Certificate was added to keystore

7. Now run keytool -list again to verify that your private root certificate was added:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

You will now see a list of all the certificates including the one you just added.

This confirms that your private root certificate has been added to the Extranet server cacerts keystore as a trusted certificate authority.


Java Beans Home | All Java Beans Tutorials | Latest Java Beans Tutorials

Sponsored Links

If this tutorial doesn't answer your question, or you have a specific question, just ask an expert here. Post your question to get a direct answer.



Bookmark and Share

Comments(85)


1. View Comment

Thanks ! I found it very useful !

View Tutorial          By: Rownak Ehsan at 2008-04-29 00:50:10
2. View Comment

Hello, your post helped me a lot with solving my own problem. But I still have some open questions, e.g. how could I get the certificate without the browser.

But anyway, thanks.


View Tutorial          By: Florian Brunner at 2008-06-26 08:59:42
3. View Comment

Your post helped me to resolve the SSH exception..Thank you

View Tutorial          By: Ashwini at 2008-07-14 12:47:32
4. View Comment

Great!! But when I use wscompile to create stub,I get the following error :

javax.net.ssl.SSLKeyException: RSA premaster secret error


wscompile -keep -gen:client -d classes -s src config-wsdl.xml
error: modeler error: failed to parse document at "https://<url>?WSDL":
javax.net.ssl.SSLKeyException: RSA premaster secret error

Thx


View Tutorial          By: Baven at 2008-07-22 15:55:52
5. View Comment

Thank you! This article helped me to solve this problem which I had no idea what to do with.

View Tutorial          By: Stan Devyatovsky at 2008-09-12 05:20:20
6. View Comment

Thx, this helped a lot.

How can I Import all the certificates from a old Java version to the new one?

today I updated to version xx.xxx.07 and all previous added certificates are gone in this Version.

Import everyone manually again is a little bit boring.


View Tutorial          By: Marko at 2008-10-09 01:32:37
7. View Comment

Thankx, the information was of great use, I appreciate the way things are explained

View Tutorial          By: sachin at 2008-12-13 03:37:11
8. View Comment

Thank You So Much ^,^
I get rid of that error


View Tutorial          By: moji junk at 2009-02-24 07:48:19
9. View Comment

Appriciated, The information is very useful and straight forward even for new developer.

View Tutorial          By: Bala Gummadi at 2009-02-24 10:01:50
10. View Comment

Thanks. Your post was clear and worked perfectly as I stumbled across this problem today.

Suma.


View Tutorial          By: Suma at 2009-03-05 09:40:08
11. View Comment

This is really helpful.

View Tutorial          By: srikanth at 2009-03-11 08:04:04
12. View Comment

Good ,I like here&#65281; I send gmail with javamail ,hava this exception ,it\'s very bad! who can help me!! thanks!
jackhexl@gmail.com


View Tutorial          By: jackhexl at 2009-04-02 03:29:44
13. View Comment

Thank you very much!!!

But I have the same error ("javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: ") yet :(


View Tutorial          By: Gemis at 2009-04-14 02:37:08
14. View Comment

Thanks a lot! This really helped!!!

View Tutorial          By: SuperSeppel13 at 2009-04-14 04:25:06
15. View Comment

Muchas gracias por compartir informacion. :)

View Tutorial          By: Anonymous at 2009-05-21 08:48:47
16. View Comment

Thanks it really works good
Continue


View Tutorial          By: vipul at 2009-07-14 02:21:18
17. View Comment

Your example is clear crisp and very helpful..

View Tutorial          By: sridhar at 2009-08-06 08:41:14
18. View Comment

Thanks a lot Ramlak! This is still very useful after 2 years of original posting today on 9 Aug 2009 !

Just one more question, if we don't have I.E. (e.g. firefox don't seem to have export option) how can i export the certificate?

Thanks.


View Tutorial          By: Jacky at 2009-08-08 23:49:12
19. View Comment

Thanks, it worked.

View Tutorial          By: Deepak Varier at 2009-08-19 03:38:07
20. View Comment

A big thanks to Ramlak for the detailed and crisp solution.

View Tutorial          By: Chidanand Gangur at 2009-08-27 06:02:16
21. View Comment

Gracias, it worked.

View Tutorial          By: Eduardo at 2009-09-09 12:16:30
22. View Comment

Nearly perfect help, but the path I had to use was $JAVA_HOME/jre/lib/security/cacerts instead of $JAVA_HOME/lib/security/cacerts

Thanks
Martin


View Tutorial          By: Martin Zeltner at 2009-09-15 04:15:19
23. View Comment

Thank you very much for your help!!

View Tutorial          By: Ajay Singh at 2009-10-21 22:17:21
24. View Comment

Hallo.

And if the certificate is self-signed so I haven't a CA root?

How do I have to proceed?

Thanks,
Mario


View Tutorial          By: Mario at 2009-11-11 08:42:46
25. View Comment

Just used InstallCert.java successfully so that my build server's Hudson could connect to Jira using the Hudson Jira plugin. My company's Jira instance is on SSL. Thanks!

View Tutorial          By: Anthony Pelosi at 2009-12-30 15:52:17
26. View Comment

Great details you provided here, very straight forward to follow. Cheers.

View Tutorial          By: Jackie Wong at 2010-02-05 10:52:25
27. View Comment

Thank you for Very good article.

View Tutorial          By: Pakornsak S at 2010-02-08 04:35:05
28. View Comment

Thank you for your help !

View Tutorial          By: vadym at 2010-03-03 06:35:01
29. View Comment

But I have the same error ("javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: ") yet

View Tutorial          By: azeemuddin at 2010-03-04 07:25:33
30. View Comment

This is by far the easiest way I have yet seem, many thanks. I was continually messing around trying to get SSL configured correctly and this will save me a lot of time and effort. I think I also had to restart the server for the JVM to pick up the new certificate.

View Tutorial          By: doahh at 2010-03-08 11:23:48
31. View Comment

Thanks. But I've also had to use $JAVA_HOME/jre/lib/security/cacerts
Thanks Martin Zeltner!


View Tutorial          By: Alex at 2010-03-15 04:17:09
32. View Comment

Thanks a lot! simple and clear explanation! Great!

View Tutorial          By: Fabio Henrique at 2010-03-29 15:23:56
33. View Comment

excellent, very clear, thx!!!

View Tutorial          By: ma at 2010-04-07 07:42:47
34. View Comment

Your post was very informative... Thanks a lot. My problem finally got solved

View Tutorial          By: Rohit Shaw at 2010-04-12 04:29:02
35. View Comment

Thanks
Your solution helped me a lot :)


View Tutorial          By: sendhil at 2010-05-28 01:12:41
36. View Comment

Your solution is really helped me. Thanks for your information.

View Tutorial          By: Rajakumar at 2010-05-31 06:05:53
37. View Comment

Thanks
muchas gracias
Excellent


View Tutorial          By: Alfredo at 2010-05-31 09:00:36
38. View Comment

Really great way of explanation..... :)
Thanks.....


View Tutorial          By: akram at 2010-07-08 04:07:17
39. View Comment

hi, Thanks to the post.
I am stuck on step 2. the warning dialog is not getting when try the same url on IE. And the certificate is not listed in Options->content..
any help ?


View Tutorial          By: david_david at 2010-08-21 01:10:19
40. View Comment

Thank you very much..
This helped me a lot.


View Tutorial          By: Rabeea AS at 2010-11-15 00:28:29
41. View Comment

Thank you very much. Very useful. You are the best....

View Tutorial          By: lin at 2011-01-19 00:09:35
42. View Comment

Your solution has really helped me and educated me. Thanks for the tips. :-)

View Tutorial          By: Tziq at 2011-01-25 08:06:06
43. View Comment

Awesome work! Ramlak, thank you for your help!

View Tutorial          By: ico at 2011-03-21 04:23:11
44. View Comment

Thank you, you save my day!!

View Tutorial          By: jano at 2011-05-26 17:20:47
45. View Comment

Thanks a lot lot lot for this... u saved me...

View Tutorial          By: Sourabh Idoorkar at 2011-06-10 04:25:10
46. View Comment

Thanks a lot for this very fruitful and amazingly fast

View Tutorial          By: Gaurav Saxna at 2011-06-15 06:20:18
47. View Comment

hi,
How to create certificate from https://.... url which does not provide the certificate

thanks in advanced


View Tutorial          By: CN Balu Ramesh at 2011-07-19 08:38:31
48. View Comment

I dont want my client using my application to do all the steps you mentioned. Is there any other way??

View Tutorial          By: zaffa at 2011-07-27 06:52:09
49. View Comment

Thanks, very helpful. Worked perfectly.

View Tutorial          By: Bob Knob at 2011-07-27 18:22:18
50. View Comment

Dude, you made my day.

View Tutorial          By: Sebastián at 2011-08-29 14:01:10
51. View Comment

Thanks a lot lot lot for this, but when I run the application from the IDE e doesn't dive any exception and the strange thing is when I run from the command line I got the same exception

View Tutorial          By: Kedjimo at 2011-10-06 06:13:10
52. View Comment

Hi. When i click on Install certificate. It tells "The Import was successfull". And when i login to the site again it shows me the same certificate error and i dont see a citrix folder in my c:/Program Files folder... Need Help... Thanks in Advance!

View Tutorial          By: jaris at 2011-10-18 11:00:41
53. View Comment

Thank you very much you resolved my issue.

View Tutorial          By: ketan at 2012-02-01 11:16:47
54. View Comment

There is 3rd Party webservices hosted over HTTPS, while consuming webservice i am facing SSL handshake failure error.

For security reasons we do no have access to 3rd party url or service, its only our client can access from there environment.

I have done enough hit and trial but still not succeeded.

Our application is running on Weblogic 9.2.

3rd party have provided the certificate (.p7b format). I have imported these certificates in the javakeystore (cacerts), even in the weblogic keystores (demotrust.jks), but still same error. I have tried different combination of importing the certificate in keystore, i can see the entry of teh certificate in the keystore as well.

Even the stubs we have asked the client to generate in there environment(since we cannot acces from our environment), using HTTP stubs are getting generated but using HTTPS, it gives SSL handshake failure.

I think if we resolve this issue, then application will also run.

Application runs fine on http, but on https it gives SSL handshake failure error.

I have properly converted from (.p7b to .cer format and then imported), even used .p7b to .pem to .der format and then imported in the java keystore, demotrust.jks, but still does not work.

Am i missing any steps, please let me know.


View Tutorial          By: Ankur at 2012-02-24 16:49:59
55. View Comment

Unable to connect with https:\\localhost:8443 but i can with 8080
My Enviroment is :
Java: C:\Program Files\Java\jdk1.6.0\bin
Tomcat : D:\Apache Software Foundation\Tomcat 6.0
Generating the KeyStore file
C:\Program Files\Java\jdk1.6.0\bin
keytool -genkey -alias techtracer -keypass ttadmin -keystore techtracer.bin -storepass ttadmin
Configured Tomcat for using the Keystore file
1. My http port no :
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
2. . Put the techtracer.bin file in the webapps directory of Tomcat
3. Configured Https Port
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="../webapps/techtracer.bin" keystorePass="ttadmin" />
I started the server with http://localhost:8080
Its working fine
But while its not working fine with https://localhost:8443


plz help me out


View Tutorial          By: gopala krishna at 2012-04-02 07:17:09
56. View Comment

Great Help...

View Tutorial          By: adity at 2012-04-27 05:34:26
57. View Comment

Thanks it did help to get complete clarity

View Tutorial          By: Vivek The Great at 2012-05-07 17:31:32
58. View Comment

Very Helpful.

View Tutorial          By: nfahem at 2012-05-09 10:50:29
59. View Comment

Don't you just love people who all assume we use windows......

C: drive... whats that ;)


View Tutorial          By: Alan at 2012-08-01 09:10:26
60. View Comment

Thank you. This is really awesome... Helped us a lot

View Tutorial          By: Shivakumar at 2012-09-12 15:23:21
61. View Comment

Thanks..it really worked well...!!!!

View Tutorial          By: Neelanjana at 2012-09-14 06:07:06
62. View Comment

Hi. I put the file .cert in two paths:
C:\Progra~2\Java\jre6\lib\security\cacerts

C:\progra~2\Java\jdk1.6.0_17\jre\lib\security\cacerts

The certificate is validated for one application, that is Developer por Remedy, here is correct.

But when i use the client AR User, i get the error. I dont know if i need to put the file .cert in other cacerts of my application, likes this path:

D:\Program Files (x86)\BMC Software\ARSystem\BMCARSystemInstallJVM\lib\security

Somebody can help me please.
Thanks


View Tutorial          By: ALFREDO at 2012-09-18 16:22:16
63. View Comment

What about for an iPad and iPhone!

View Tutorial          By: Kamalakannan at 2012-09-21 06:10:39
64. View Comment

Thanks very much, this helped alot.

View Tutorial          By: Steve at 2012-10-09 21:09:16
65. View Comment

Awesome and straight forward

View Tutorial          By: Nag at 2012-11-07 23:47:10
66. View Comment

Thanks very much....its very simple explained.....thanks a lot.....

View Tutorial          By: nizam at 2012-12-17 09:43:11
67. View Comment

You have simply saved my life. After 2 days dealing with this problem this tutorial was the only one that worked for me.
Thank you for the detailed information.

THANKS A LOT


View Tutorial          By: Mário Buratto at 2013-01-11 19:54:36
68. View Comment

works too with deepnet security platform as to import ssl CA certificates from local PKI

View Tutorial          By: biloute at 2013-05-29 11:04:51
69. View Comment

Thank you very much. This is the easiest and also the best way.

View Tutorial          By: Mehmet Üsküp at 2013-06-17 21:08:08
70. View Comment

BIG Thanks for such wonderful tutorial :) :) :)

View Tutorial          By: dhruva at 2013-07-10 08:56:27
71. View Comment

give me the code

View Tutorial          By: roger at 2013-10-10 19:44:07
72. View Comment

Thanks, it solved my problem with "sun.security.validator.ValidatorException: PKIX path building failed"! One note: on Windows this command should be run in CMD.exe (not cygwin) and under Administrator account.

View Tutorial          By: haasdg at 2013-10-29 14:12:51
73. View Comment

Hey thnx. Solved my "inconvinience" ;P

View Tutorial          By: Hesam Ossanloo at 2013-12-19 15:13:31
74. View Comment

Hi,i'm added the certificate to java keystore,But still i'm getting below exception stack.This problem i'm getting only at production side, means working fine at devlopment side. Note:At production side, If i tried the third party url in browser then its working fine.
So, Please help me out regarding. Thanks in advance.

org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at com.infrasofttech.omni.equifax.ws.integration.jaxb.generated.V10Stub.getConsumerCreditReport(V10Stub.java:182)
at com.infrasofttech.omni.framework.MFI.M006012Action.process(M006012Action.java:472)
at com.infrasofttech.omni.framework.controllerextn.OmniAction.execute(OmniAction.java:87)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:415)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.infrasofttech.omni.framework.core.multilingual.RequestEncodingFilter.doFilter(RequestEncodingFilter.java:23)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1692)
at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288)
at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:222)
at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:192)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
... 40 more
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
at com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:194)
at com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1690)
... 45 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:230)
at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:91)
at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.internalSerialize(OMSourcedElementImpl.java:638)
at org.apache.axiom.om.impl.util.OMSerializerUtil.serializeChildren(OMSerializerUtil.java:563)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:846)
at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.serializeInternally(SOAPEnvelopeImpl.java:267)
at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:229)
at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:188)
... 41 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 64 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 70 more


View Tutorial          By: chakri at 2014-09-18 07:22:41
75. View Comment

Well written article! Thank You ! My maven build issue got solved after following your article!

View Tutorial          By: Nagesh at 2014-11-20 07:44:00
76. View Comment

Thanks for this tuto , simple and very useful :)

View Tutorial          By: Firas at 2014-11-24 16:49:07
77. View Comment

Very nice.
Thanks


View Tutorial          By: Kaviya at 2015-02-23 13:48:15
78. View Comment

hi,

i'm a jmeter user.in my test i tried to send a mail .it throwing the same pkix error certificate not found.I tried the scenario manually in IE ,i have no problem the certificate installed already.what could be the problem can you please help me out of this problem?


View Tutorial          By: mahesh at 2015-03-06 16:58:05
79. View Comment

Thanks!

View Tutorial          By: misterTi at 2015-03-18 17:48:41
80. View Comment

hi i unable to retrive am getting below exception while sending email from my server.

But above solution i tried in browser .when paste my URL in IE Browser .am not getting any dialog box warning .what i have to do.Otherwise any other way is there for getting certificate.Please Help me

This is My project URL: http://localhost:7070/spring-mvc-annotation3-220215/

javax.mail.SendFailedException: Sending failed;
nested exception is:
class javax.mail.MessagingException: Exception reading response;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Hibernate: select customerlo0_.CUSTACCNUM_ID as CUSTACCN1_0_, customerlo0_.firstName as firstNam2_0_, customerlo0_.lastName as lastName3_0_, customerlo0_.email as email4_0_, customerlo0_.address as address5_0_, customerlo0_.userName as userName6_0_, customerlo0_.password as password7_0_, customerlo0_.registerEmail as register8_0_ from CUS_REG_MVC customerlo0_ where customerlo0_.registerEmail='No'
at javax.mail.Transport.send0(Transport.java:218)
at javax.mail.Transport.send(Transport.java:80)
at com.spring.mvc.thread.EmailThread.sendPartialEmail(EmailThread.java:81)
at com.spring.mvc.thread.EmailThread.executionProcess(EmailThread.java:45)
at com.spring.mvc.thread.EmailThread.run(EmailThread.java:25)


View Tutorial          By: vignesh at 2015-03-25 17:14:58
81. View Comment

Thank you... Helpful :)

View Tutorial          By: Soopy at 2015-03-31 06:24:57
82. View Comment

very useful. Thx

View Tutorial          By: reddy at 2015-05-07 09:58:19
83. View Comment

Amazing tutorial!! This is what I was exactly looking for!. Thanks alot. It works perfectly.!

View Tutorial          By: Sumanth Vaidya at 2015-06-17 18:19:16
84. View Comment

hey what If I'm connecting to a server(XMPP in my case). How shall I get the certificate??

View Tutorial          By: garima at 2015-08-10 13:23:40
85. View Comment

This is a great idea if I am targeting the required url using Browser interface. I need some assistance to update the certificate on Burp Proxy, since I am sending request from SoapUI with Burp as proxy.

View Tutorial          By: Shanthamurthy Hanumantharayappa at 2015-09-14 16:45:22

Your name (required):


Your email(required, will not be shown to the public):


Your sites URL (optional):


Your comments:



More Tutorials by Ramlak
While Loop in VB.net
For Each…Next Loop in VB.net
For Loop in VB.net
Do Loop in VB.net
Setting Up SSL on Tomcat
Unicode and UTF-8 in C
Sample program to demonstrate the use of ActionListener
java.io.IOException: HTTPS hostname wrong: should be
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
NotifyUtil::java.net.ConnectException: Connection refused: connect
'LINK.EXE' is not recognized as an internal or ext
Using Transactions in JDBC
What is the ACID principal?
How connection pooling works in Java and JDBC
A simple JDBC application sample code

More Tutorials in Java Beans
Creating a JavaBean to Connect with Google API
Spring Vs EJB ( A feature comparison)
What is EJB server and what are EJB Components?
JavaBeans Basic Concepts
JavaBeans vs. Custom Tags
Java Beans and the Expression Language
A sample that shows Java Beans, Servlets and JSP working together
Advantages of Java Beans
Design Patterns for Properties in a Java Bean
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ADVANTAGES OF EJB
Steps to develop EJB Environment
EJB is a server side component:
Entity Bean
History Of Java

More Latest News
Most Viewed Articles (in Java Beans )
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
A sample that shows Java Beans, Servlets and JSP working together
Advantages of Java Beans
Design Patterns for Properties in a Java Bean
JavaBeans Basic Concepts
Reusable component
Java Beans and the Expression Language
Spring Vs EJB ( A feature comparison)
JavaBeans vs. Custom Tags
Creating a JavaBean to Connect with Google API
History Of Java
What is EJB server and what are EJB Components?
ADVANTAGES OF EJB
Steps to develop EJB Environment
EJB is a server side component:
Most Emailed Articles (in Java Beans)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Advantages of Java Beans
What is EJB server and what are EJB Components?
Steps to develop EJB Environment
Java Beans and the Expression Language
Reusable component
Design Patterns for Properties in a Java Bean
JavaBeans Basic Concepts
Spring Vs EJB ( A feature comparison)
ADVANTAGES OF EJB
Entity Bean
JavaBeans vs. Custom Tags
Creating a JavaBean to Connect with Google API
EJB is a server side component:
A sample that shows Java Beans, Servlets and JSP working together