Fix PKIX (PKIX path building failed) problem unable to find valid certification path to requested target

Source: Internet
Author: User
Tags free ssl free ssl certificate ssl certificate

Recently writing a service in Java, you need to send a POST request to the remote server, the authentication mode is Basic authentication, in the request process appears

PKIX Path Building failed: sun.security.provider.certpath.SunCertPathBuilderException: Unable to find valid Certification path to requested target error, so start searching and get resolved,

The following summarizes the resolution process:

All we have to do is import the security certificate of the URL you want to access to the client, and here's one way to get the security certificate:

1. First create a new Java class, named Installcert.java, to save the following to the file

/* Copyright 2006 Sun Microsystems, Inc. All rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, is permitted provided that the FOL lowing conditions * is met: * *-redistributions of source code must retain the above copyright * notice, this LIS T of conditions and the following disclaimer. * *-redistributions in binary form must reproduce the above copyright * Notice, this list of conditions and the FO Llowing Disclaimer in the * documentation and/or other materials provided with the distribution. * *-Neither the name of Sun Microsystems nor the names of its * contributors is used to endorse or promote pro Ducts derived * from this software without specific prior written permission. * * This software are provided by the COPYRIGHT holders and CONTRIBUTORS ' as * is ' and any EXPRESS OR implied warranties, I Ncluding, LIMITED to, * The implied warranties of merchantability and FITNESS for A partIcular * PURPOSE is disclaimed. In NO EVENT shall the COPYRIGHT OWNER OR * CONTRIBUTORS is liable for any DIRECT, INDIRECT, incidental, special, * EXEMPLA RY, or consequential damages (including, but not LIMITED to, * procurement of substitute GOODS OR SERVICES; LOSS of Use, DATA, OR * profits; or business interruption) however caused and on any theory of * liability, WHETHER in contract, STRICT liability, OR TORT (including * negligence OR OTHERWISE) Arising in an any-out-of-the-software, even IF advised of the possibility of SUCH DAMAGE. */import java.io.*;import java.net.url;import java.security.*;import java.security.cert.*;import javax.net.ssl.*; public class Installcert {public static void main (string[] args) throws Exception {String host;int port;char[] Passphr Ase;if ((Args.length = = 1) | | (Args.length = = 2))    {string[] c = Args[0].split (":");    host = C[0]; Port = (C.length = = 1)?    443:integer.parseint (c[1]); String p = (Args.length = = 1)? "ChangEIT ": args[1]; Passphrase = P.tochararray ();}    else {System.out.println ("Usage:java installcert 

2. I put the file into the D-Packing directory, open the cmd command to start compiling this Java file

First, enter the Java installation directory in CMD and then use Javac to compile the file.

When the file is compiled, it will be in the same directory as two classes (Installcert.class,installcert$savingtrustmanager.class)

3. Execute installcert.class with the command: Java installcert hostname (hostname is the address of the requesting server) For example: Java installcert Www.cebban K.com

Next you will see the following print information

Java installcert www.cebbank.comLoading keystore/usr/java/jdk1.6.0_31/jre/lib/security/cacerts ... Opening connection to www.cebbank.com:443...Starting SSL handshake...javax.net.ssl.sslhandshakeexception: Sun.security.validator.ValidatorException:PKIX Path Building failed:  Sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target At Com.sun.net.ssl.internal.ssl.Alerts.getSSLException (alerts.java:174) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal (sslsocketimpl.java:1731) at Com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (handshaker.java:241) at Com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (handshaker.java:235) at Com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (clienthandshaker.java:1206) at Com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (clienthandshaker.java:136) at Com.sun.net.ssl.internal.ssl.Handshaker.processLoop (handshaker.java:593) at Com.sun.net.ssl.internal.ssl.Handshaker.Process_record (handshaker.java:529) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (Sslsocketimpl.java : 925) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake (sslsocketimpl.java:1170) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake (sslsocketimpl.java:1197) at Com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake (sslsocketimpl.java:1181) at Installcert.main ( installcert.java:102) caused By:sun.security.validator.ValidatorException:PKIX path building failed:  Sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target At Sun.security.validator.PKIXValidator.doBuild (pkixvalidator.java:323) at Sun.security.validator.PKIXValidator.engineValidate (pkixvalidator.java:217) at Sun.security.validator.Validator.validate (validator.java:218) at Com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate (x509trustmanagerimpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.chEckservertrusted (x509trustmanagerimpl.java:209) at installcert$savingtrustmanager.checkservertrusted ( installcert.java:198) at Com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (Clienthandshaker.java : 1198) ... 8 morecaused by:sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to r equested Target at Sun.security.provider.certpath.SunCertPathBuilder.engineBuild (suncertpathbuilder.java:174) at Java.security.cert.CertPathBuilder.build (certpathbuilder.java:238) at Sun.security.validator.PKIXValidator.doBuild (pkixvalidator.java:318) ... Moreserver sent 1 certificate (s): 1 Subject cn=www.cebbank.com, ou=terms of Use at Www.verisign.com/rpa (c), OU=CEB,  o= "China Everbright Bank Co., Ltd.", L=beijing Issuer cn=verisign Class 3 Extended Validation SSL CA, ou=terms of use at Https://www.verisign.com/rpa (c), Ou=verisign Trust Network SHA1 5b D2 (6e b3 A4 2b) A2 b3 be 3e 1f C9 D 3 CE MD5 D8AE EE F1 D9 6d 2f one E0 ac d0 E7 D7 Enter certificate to add to trusted KeyStore or ' Q ' to quit: [1] 

Then enter 1 and return, and you will see a print message similar to the following

[[Version:v3 subject:cn=service.uvpan.com Signature algorithm:sha256withrsa, OID = 1.2.840.113549.1.1.11 Key:sun RSA public key, 2048 bits modulus: 2317881986088761194721144827895009499442274743468275577704628532297417478535497639506207262352323425190699116736804712264 97
6343089615433321721691373685786049550215289422461119118154090881855491366608379049685302637706174908250710292817088055812 87573146382156
9885471254135314307596085258525113184234068444452341681733679071130711528097710406970295664697529552093903981033990689382 88619962718137
3674868501753185286836657606758066747142393165835640040523017880256030555956691753813436498142943955042622976588004799964 700139167420116
5072543279163545224784152093458502039083825500983120089499582892294317486244911305201899 Public exponent:65537 Validity: [from:wed June 15:36:32 CST, To:fri June 15:36:32 CST 2018] Issuer:cn=wosign CA free SSL Certificate G2, o=wosign CA Limited, C=CN serialnumber: [4c4a82ba 115c1eed fd6861f6 e8e6c15d]certificate Extensio NS:9[1]: objectid:1.3.6.1.5.5.7.1.1 criticality=falseauthorityinfoaccess [[ACCESSMETHOD:OCSP Accesslocation:uri Name:http://ocsp1.wosign.com/ca6/server1/free, Accessmethod:caissuers accesslocation:uriname:http:// AIA1.WOSIGN.COM/CA6.SERVER1.FREE.CER]][2]: objectid:2.5.29.35 criticality=falseauthoritykeyidentifier [ KeyIdentifier [0000:d2 A7 7C AF D9, 9E EB 0A, F2 E0 B9 ..... C..... 0010:74 0E A8 C7 t ...] [3]: objectid:2.5.29.19 criticality=falsebasicconstraints:[ca:false pathlen:undefined][4]: objectid:2.5.29.31 Criti cality=falsecrldistributionpoints [ [Distributionpoint: [URINAME:HTTP://CRLS1.WOSIGN.COM/CA6-SERVER1-FREE.CRL]] [5]: objectid:2.5.29.32 criticality=falsecertificatepolicies [[Certificatepolicyid: [2.23.140.1.2.1][]] [Certificat Epolicyid: [1.3.6.1.4.1.36305.1.1.2][policyqualifierinfo: [qualifierid:1.3.6.1.5.5.7.2.1 qualifier:0000:16 1D 68 74 3 A 2F 2F all-in-73 2E http://www.wos0010:69 6E 2E 6F 6D 2F (6F 6C) ign.com/policy/[2F]]][6]: objectid:2.5.29.37 criti Cality=falseextendedkeyusages [ClientAuth serverauth][7]: objectid:2.5.29.15 criticality=truekeyusage [DigitalSigna Ture key_encipherment][8]: objectid:2.5.29.17 criticality=falsesubjectalternativename [dnsname:service.uvpan.com][ 9]: objectid:2.5.29.14 criticality=falsesubjectkeyidentifier [KeyIdentifier [0000:41 1E C2 CA C5 C6 DE 3 a 3B 0B EE 3B A .....;..; ". 0010:76 C3 VC.V]] algorithm: [Sha256withrsa] signature:0000:2c AC be 2D 4 a 2F 1F AE F3 7B,.. -j8/... 8.D.X.0010:B9 8C B6-9A Be-FD-A9-DA .... Y.b ... P. " ... 0020:C2 ED 6B, E2, A6 A1 1C, A0, B7 1D 2E. K2 ....... 0030:93 9C B7 6C BB F3 FB, AF F6 3E 5A 0B A5 ... 0040:46 1F 4F 5F 6B 0B FF B2 B2 E2 f.o_.k CA W... 1...0050:78 A6 2B DA A1 8D EA-DF E8 BB CF F3 F9 xd.+ ..... U.0060:10 B0 BA 8D D2 7A EB D4-D6-D8 ... z.. F....E.0070:2A EB 6A 98 B8 BC A0 8A the EF FE E5 *u.j. R....f ... 0080:48 1 A 9B CB D9 1C D5 5A C1 xx h......fb. Z... 0090:00 8C F2 E8 A8 3D, FC F0 5A B3 36.. Hc.. B.=f8. Z.600A0:C9-C1 2A CC (AB). G.. *.. Q. ((. F ... 00b0:f6 C0 6B B9 EC 6A 7C E8 EF AD F4 EC ... E.K. J....... 00C0:BF FF D0-EB CD E0 7A F0 B0 ... 9.E..).. EZ).. 00d0:9c F8 E2 F7 8C AF FE 9D F5 1E A9 A9 ........ x ... 00e0:f5 7E 6D B7 AF B2 D7 C9 5C FD FC p-P FA 1D. M...R. \.. A... 00f0:e8 AC D5 1C 3D A5 B9 87 38 86 20 .... R.G=VV ... 8.]added certificate to KeyStore ' Jssecacerts ' using alias ' service.uvpan.com-1 '

  

At the same time we will find that a certificate named Jssecacerts has been generated in the current directory

Copy the certificate named Jssecacerts again in the \\%java_honme%\\jre\\lib\\security\\ directory

Finally restart the application of the service, the certificate will take effect, you can send the request normally (restart Tomcat).  

Fix PKIX (PKIX path building failed) problem unable to find valid certification path to requested target

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.