PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;

I am working on a REST call from my windows development machine.

I have tried following the guidelines for adding a certificate in my java keystore in: "C:\Program Files (x86)\Java\jre1.8.0_271\lib\security\cacerts"

In fact I have another JAVA directory in: C:\Program Files\Java\jre1.8.0_271\lib\security\cacerts

I have tried storing my certificate in both keystores.

At the site that is exposing a REST service, I save the certificate from my Google Chrome web browser

Clicking at the lock icon next to the web address field

...and under the details tab clicking on the "Copy to file" button. I use the Certificate Export Wizard and pick the first "DER encoded binary x.509 (.CER)" option.

I give the certificate a name "mycert.cer". Once I have it exported, I use the keytool command and add it to my JAVA keystore with the following command:

keytool -import -noprompt -trustcacerts -alias mycert -file "d:\MyCertificates\mycert.cer" -keystore "C:\Program Files (x86)\Java\jre1.8.0_271\lib\security\cacerts" -storepass changeit

I get a confirmation, that it is stored.

I try to invoke my REST call and I get the same error. Can someone please clarify what more I need to do? What am I missing?

I am doing all this in admin mode (local administrator) on my developer machine.

codingjoe

1 Answer

How are you trying to invoke the API? Is it Spring RestTemplate or any other client?

Please provide your RestTemplate configurations.

  1. Check the cert validity at leaf level
  2. Check whether the cName matches the endpoint; if not, you might have to disable host name checking
  3. Try enabling ssl logging, javax.net.debug=ssl/all

NamingException
  • Yes, I am using RestTemplate. I am not sure what providing my RestTemplate configuration means. I am using interceptors to provide me log statements: static RestTemplate restTemplate = new RestTemplate(new BufferingClientHttpRequestFactory(new SimpleClientHttpRequestFactory())); My service works against another demo site, but not against our own REST service. Here I get the certificate error. – codingjoe Dec 21 '20 at 17:43
  • The only difference between the demo site and our own REST service is the endpoint address and username and password. – codingjoe Dec 21 '20 at 17:47
  • Check this once.. https://stackoverflow.com/questions/17619871/access-https-rest-service-using-spring-resttemplate. It seems you are using plain RestTemplate which is not suitable if you want to enable HTTPS – Suman Godisela Dec 21 '20 at 17:47
  • I have tried following this guide: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore – codingjoe Dec 21 '20 at 17:49
  • the demo site is https enabled or is it http? – Suman Godisela Dec 21 '20 at 17:53
  • The demosite is also https. – codingjoe Dec 21 '20 at 17:57
  • My implementation against the demosite runs without any problems. All my tests are green. As soon as I change my REST URL and username / password to our TEST server, I get this exception. :( – codingjoe Dec 21 '20 at 17:59
  • Pls add javax.net.debug=ssl property to your vm options, this will enable ssl logging, you might be able to find the issue. – Suman Godisela Dec 21 '20 at 18:01
  • I am very new to JAVA. I have a .net and c# background. I am not sure, where I can set that property in my vm options...I am using IntelliJ. – codingjoe Dec 21 '20 at 18:03
  • Maybe like this -> https://stackoverflow.com/questions/39310673/enabling-ssl-debug-for-java-in-intellij – codingjoe Dec 21 '20 at 18:04
  • Found VM options under Run/Debug Configurations and under environment I have pasted the 'javax.net.debug=ssl' in the field. But it did not give me any change... nor in the output window – codingjoe Dec 21 '20 at 18:10
  • It will give you ssl logging.. check whether your cert is there or not. Also, is your REST endpoint 2-way ssl or 1-way ssl? If nothing else works, try to implement it this way: https://stackoverflow.com/questions/17619871/access-https-rest-service-using-spring-resttemplate. Though I still wonder how it is working for the demo site. Look at MaximeF's answer – Suman Godisela Dec 21 '20 at 18:12
  • Where does it output ssl logging? I have added the 'javax.net.debug=ssl' in RUN -> Edit Configurations -> Spring Boot -> myapp - Environment - VM Options, but I don't see any logs anywhere. I am running my unit tests and under run it just shows me the exception that I have pasted in my question. I have also added the line in the idea64.exe.vmoptions along with the ssl.trustStore (keystore) file location and the ssl.trustStorePassword. – codingjoe Dec 22 '20 at 14:13