javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

tip
Do you find the tips below useful? Click on the to mark them and say thanks to rp . Or join the community to write better ones.
  1. 0
    samebug tip
    Import the server certificate into your truststore.
  2. 0

    building sbe - gradle certificate issue

    GitHub | 3 months ago | prashn
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  3. 0

    davmail on debian slug ...

    davmail | 8 years ago | sansp00
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Please note that this bug will disable the synchrony-proxy mode in 6.0.1. If /synchrony is being used, you won't need to be worried about this bug. After changing Confluence to use HTTPS configuration isSynchronyProxyRunning check fails with exception {code:java}javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509){code} h4. *Workaround* Try importing the certificate into Confluence keystore [https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html] To convert an existing certificate key pair (e.g. configured in the Nginx configuration) to a Java keystore, please use the following commands: *OpenSSL for converting crt/key files to P12* {code:java}openssl pkcs12 -export -name servercert -in <cert-file>.crt -inkey <cert-file>.key -out <cert-file>.p12 {code} *Keytool for converting p12 to JKS* {noformat}keytool -importkeystore -destkeystore keystore.jks -srckeystore <cert-file>.p12 -srcstoretype pkcs12 -alias servercert {noformat} After that, we need to put the following line into the {{setenv.sh}} file: {noformat}CATALINA_OPTS="-Djavax.net.ssl.trustStore=<path-to-keystore-file>/keystore.jks ${CATALINA_OPTS}" {noformat} or in the {{setenv.bat}} file: {noformat}set CATALINA_OPTS=-Djavax.net.ssl.trustStore=<path-to-keystore-file>/keystore.jks %CATALINA_OPTS% {noformat} Please note that the Confluence cannot detect if the proxy is running at startup. The user still needs to restart Synchrony (in the admin screen) to enable this internal proxy. (This issue will be fixed in 6.0.2) h4. *Solution* In 6.0.2, *http* and *localhost* will be used as the scheme and hostname when checking the running status of the proxy. Since Tomcat cannot guarantee that it will finish starting up the synchrony-proxy before the healthcheck is executed (Therefore, this is a race condition). The synchrony-proxy will be assumed to be running always. If it is stopped for some reasons, the error will be logged out in the Confluence's log file.

    Atlassian JIRA | 5 months ago | Brendan McNamara
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  6. 0

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:

    Stack Overflow | 3 years ago | John
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    1 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.net.ssl.SSLHandshakeException

      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      at sun.security.ssl.Alerts.getSSLException()
    2. Java JSSE
      ClientHandshaker.serverCertificate
      1. sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      2. sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
      3. sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
      4. sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
      5. sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
      5 frames