javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10]

Jenkins JIRA | Florian Storz | 1 year ago
  1. 0

    Hi, when I change our ldap URL to ldaps I get following message and stack trace: We have imported the custom and intermediate certificate to trust store. In Applications like Sonarqube, Nexus or JIRA it works fine with the same certificates. No Connection to ldaps://xxx.xyz : javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10] javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.InitialContext.<init>(InitialContext.java:216) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) at hudson.security.LDAPSecurityRealm$DescriptorImpl.doCheckServer(LDAPSecurityRealm.java:1058) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123) at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:120) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:91) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) ... 87 more Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) ... 100 more Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10 at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:129) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:212) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) ... 106 more

    Jenkins JIRA | 1 year ago | Florian Storz
    javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10]
  2. 0

    [JENKINS-29099] LDAPS Algorithm constraints check failed - Jenkins JIRA

    jenkins-ci.org | 7 months ago
    javax.naming.CommunicationException: simple bind failed: xxx.xyz:636
  3. 0

    Hi, when I change our ldap URL to ldaps I get following message and stack trace: We have imported the custom and intermediate certificate to trust store. In Applications like Sonarqube, Nexus or JIRA it works fine with the same certificates. No Connection to ldaps://xxx.xyz : javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10] javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.InitialContext.<init>(InitialContext.java:216) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) at hudson.security.LDAPSecurityRealm$DescriptorImpl.doCheckServer(LDAPSecurityRealm.java:1058) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123) at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:120) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:91) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) ... 87 more Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) ... 100 more Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10 at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:129) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:212) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) ... 106 more

    Jenkins JIRA | 1 year ago | Florian Storz
    javax.naming.CommunicationException: simple bind failed: xxx.xyz:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: 1.2.840.113549.1.1.10]
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    How to handle invalid SSL certificates with Apache HttpClient?

    Stack Overflow | 7 years ago | rauch
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  6. 0

    JAVA - Tomcat 5 Application connecting to Web Service using HTTPS, while Tomcat 7 Application does not

    Stack Overflow | 3 years ago | Ryan S
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  1. Andreas Häber 8 times, last 3 weeks ago
  2. tvrmsmith 4 times, last 2 months ago
  3. Dore 1 times, last 3 months ago
  4. andyglick 17 times, last 2 months ago
  5. davidvanlaatum 10 times, last 4 months ago
2 more registered users
58 unregistered visitors
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.security.cert.CertPathValidatorException

    Algorithm constraints check failed: 1.2.840.113549.1.1.10

    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate()
  2. Java RT
    Validator.validate
    1. sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:129)
    2. sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:212)
    3. sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
    4. sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
    5. java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
    6. sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347)
    7. sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
    8. sun.security.validator.Validator.validate(Validator.java:260)
    8 frames
  3. Java JSSE
    AppOutputStream.write
    1. sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    2. sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    3. sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    4. sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
    5. sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
    6. sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    7. sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    8. sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    9. sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    10. sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735)
    11. sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    11 frames
  4. Java RT
    InitialDirContext.<init>
    1. java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    2. java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    3. com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
    4. com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
    5. com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
    6. com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
    7. com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
    8. com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    9. com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    10. com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    11. com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    12. com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    13. javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    14. javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    15. javax.naming.InitialContext.init(InitialContext.java:244)
    16. javax.naming.InitialContext.<init>(InitialContext.java:216)
    17. javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
    17 frames
  5. Hudson
    LDAPSecurityRealm$DescriptorImpl.doCheckServer
    1. hudson.security.LDAPSecurityRealm$DescriptorImpl.doCheckServer(LDAPSecurityRealm.java:1058)
    1 frame
  6. Java RT
    Method.invoke
    1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    4. java.lang.reflect.Method.invoke(Method.java:497)
    4 frames
  7. Stapler
    Stapler.service
    1. org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
    2. org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
    3. org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
    4. org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
    5. org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    6. org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    7. org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    8. org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
    9. org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    10. org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    11. org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    12. org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    13. org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    13 frames
  8. JavaServlet
    HttpServlet.service
    1. javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    1 frame
  9. Jetty
    ServletHandler$CachedChain.doFilter
    1. org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    2. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
    2 frames
  10. Hudson
    PluginServletFilter$1.doFilter
    1. hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123)
    1 frame
  11. hudson.plugins.greenballs
    GreenBallFilter.doFilter
    1. hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
    1 frame
  12. Hudson
    PluginServletFilter.doFilter
    1. hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:120)
    2. hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114)
    2 frames
  13. Jetty
    ServletHandler$CachedChain.doFilter
    1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    1 frame
  14. Hudson
    CrumbFilter.doFilter
    1. hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:91)
    1 frame
  15. Jetty
    ServletHandler$CachedChain.doFilter
    1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    1 frame
  16. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    2. hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    3. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    3 frames
  17. jenkins.security
    ExceptionTranslationFilter.doFilter
    1. jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    1 frame
  18. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  19. Acegi Security Core
    AnonymousProcessingFilter.doFilter
    1. org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    1 frame
  20. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  21. Acegi Security Core
    RememberMeProcessingFilter.doFilter
    1. org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    1 frame
  22. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  23. Acegi Security Core
    AbstractProcessingFilter.doFilter
    1. org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    1 frame
  24. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  25. jenkins.security
    BasicHeaderProcessor.doFilter
    1. jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    1 frame
  26. Hudson
    ChainedServletFilter$1.doFilter
    1. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    1 frame
  27. Acegi Security Core
    HttpSessionContextIntegrationFilter.doFilter
    1. org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    1 frame
  28. Hudson
    HudsonFilter.doFilter
    1. hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    2. hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    3. hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    4. hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    4 frames
  29. Jetty
    ServletHandler$CachedChain.doFilter
    1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    1 frame
  30. Stapler
    CompressionFilter.doFilter
    1. org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    1 frame
  31. Jetty
    ServletHandler$CachedChain.doFilter
    1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    1 frame
  32. Hudson
    CharacterEncodingFilter.doFilter
    1. hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    1 frame
  33. Jetty
    ServletHandler$CachedChain.doFilter
    1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    1 frame
  34. Stapler
    DiagnosticThreadNameFilter.doFilter
    1. org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    1 frame
  35. Jetty
    AsyncHttpConnection.handle
    1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
    2. org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
    3. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    4. org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
    5. org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    6. org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    7. org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    8. org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    9. org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    10. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    11. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    12. org.eclipse.jetty.server.Server.handle(Server.java:370)
    13. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    14. org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
    15. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
    16. org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
    17. org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    18. org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    18 frames
  36. GWT dev
    SelectChannelEndPoint$1.run
    1. org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    2. org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    2 frames
  37. winstone
    BoundedExecutorService$1.run
    1. winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    1 frame
  38. Java RT
    Thread.run
    1. java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    2. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    3. java.lang.Thread.run(Thread.java:745)
    3 frames