RaceBase

Reputation: 18848

PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException

All of a sudden today I am facing this issue when I try to call an API. This issue did not exist until last night, and now it's killing my application.

SearchRadiusAction - url: https://connection.api.isp.mynetwork.be/getAccount2.cgi sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Last night it went to production and now it's not working where it worked fine earlier.

I would like to know how to fix this, if possible without a code change.

Upvotes: 0

Views: 4751

Answers (2)

I faced this problem as well; after importing the certificates of the mail server and the CA, the problem still persisted.

As a general rule, enable SSL debugging by adding the option

-Djavax.net.debug=ssl

This shows the actual key stores and certificates loaded.

In my particular case, the reason was quite surprising: Avast anti-virus was doing man-in-the-middle between my application server (WildFly) and the remote TLS connection :O

Here are the logs:

15:49:57,112 INFO  [stdout] (default task-56) chain [0] = [
15:49:57,112 INFO  [stdout] (default task-56) [
15:49:57,113 INFO  [stdout] (default task-56)   Version: V3
15:49:57,113 INFO  [stdout] (default task-56)   Subject: CN=mail.irisel.com, O=Irisel Consulting SL, L=Tres Cantos, ST=Madrid, C=ES
15:49:57,114 INFO  [stdout] (default task-56)   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
15:49:57,114 INFO  [stdout] (default task-56) 
15:49:57,115 INFO  [stdout] (default task-56)   Key:  Sun RSA public key, 1024 bits
15:49:57,116 INFO  [stdout] (default task-56)   modulus: 138674107939081515882972971404534700919819495458616389928335346488718131998599706435849369388241463110190321699739219608756226058473158126297068838696077495178250043211055383692800846587509903813185937024462913474510326460163355093830472808797012578670617819870186505308700964920784184093349004872582841740643
15:49:57,116 INFO  [stdout] (default task-56)   public exponent: 65537
15:49:57,117 INFO  [stdout] (default task-56)   Validity: [From: Thu Oct 01 11:52:40 CEST 2015,
15:49:57,117 INFO  [stdout] (default task-56)                To: Tue Oct 09 11:52:40 CEST 2040]
15:49:57,118 INFO  [stdout] (default task-56)   Issuer: CN=Avast Web/Mail Shield Root, O=Avast Web/Mail Shield, OU=generated by Avast Antivirus for SSL/TLS scanning
15:49:57,118 INFO  [stdout] (default task-56)   SerialNumber: [    456c195d c1429a4b a1b6da53 c03eb04b]

Often I think that antivirus programs create more problems than they solve...

Upvotes: 0
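
Added example, not code from either answer: a small Python parser for the chain [n] entries that -Djavax.net.debug=ssl prints in the format quoted above. It flags a certificate whose issuer is not a CA you expect (which is how a local TLS-inspecting product shows up), plus SHA-1 signatures and RSA keys under 2048 bits. The function names and the expected_issuers parameter are assumptions made for this illustration.

```python
import re

# Trimmed excerpt of the -Djavax.net.debug=ssl output quoted in the answer
# above (modulus, validity and serial lines left out).
SAMPLE_LOG = """\
15:49:57,112 INFO  [stdout] (default task-56) chain [0] = [
15:49:57,113 INFO  [stdout] (default task-56)   Subject: CN=mail.irisel.com, O=Irisel Consulting SL, L=Tres Cantos, ST=Madrid, C=ES
15:49:57,114 INFO  [stdout] (default task-56)   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
15:49:57,115 INFO  [stdout] (default task-56)   Key:  Sun RSA public key, 1024 bits
15:49:57,118 INFO  [stdout] (default task-56)   Issuer: CN=Avast Web/Mail Shield Root, O=Avast Web/Mail Shield, OU=generated by Avast Antivirus for SSL/TLS scanning
"""

# Optional app-server prefix: "15:49:57,112 INFO  [stdout] (default task-56) "
PREFIX = re.compile(r"^\S+\s+\w+\s+\[[^\]]*\]\s+\([^)]*\)\s?")
CHAIN = re.compile(r"^\s*chain \[(\d+)\] = \[")
FIELDS = {
    "subject": re.compile(r"^\s*Subject:\s*(.+)$"),
    "issuer": re.compile(r"^\s*Issuer:\s*(.+)$"),
    "sig_alg": re.compile(r"^\s*Signature Algorithm:\s*([^,]+)"),
    "key_bits": re.compile(r"^\s*Key:.*?(\d+) bits"),
}

def parse_chain(log_text):
    """Return one dict per 'chain [n]' entry with the fields found under it."""
    certs = []
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        start = CHAIN.match(line)
        if start:
            certs.append({"index": int(start.group(1))})
        elif certs:
            for name, rx in FIELDS.items():
                m = rx.match(line)
                if m:
                    certs[-1].setdefault(name, m.group(1).strip())
    return certs

def findings(certs, expected_issuers):
    """expected_issuers: substrings of the CA names you expect (caller-supplied)."""
    out = []
    for c in certs:
        issuer = c.get("issuer", "")
        if not any(e.lower() in issuer.lower() for e in expected_issuers):
            out.append((c["index"], "unexpected-issuer", issuer))
        if c.get("sig_alg", "").upper().startswith("SHA1"):
            out.append((c["index"], "weak-signature", c["sig_alg"]))
        if "key_bits" in c and int(c["key_bits"]) < 2048:
            out.append((c["index"], "weak-key", c["key_bits"]))
    return out
```

Call findings(parse_chain(log_text), [...]) with the issuer names of the CAs that should be signing the remote server's certificate; an "unexpected-issuer" result on chain [0] means something between the JVM and the server is re-signing the connection.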

RaceBase

Reputation: 18848

I found a solution.

I just downloaded the certificate files from the opposite server and installed them in my application server. :)

Upvotes: 2
