Reputation: 221
We are working with Google's reCAPTCHA and, after importing the corresponding certificate (using a Java application), we still have the error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We are using JDK_1.7.51 and Tomcat8.
We listed the certificates and can see that the certificate is present and valid; even so, we still have the exception mentioned before:
Alias name: google.com
Creation date: 7-aug-2017
Entry type: trustedCertEntry
Owner: CN=www.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
Issuer: C=DE, CN=AXA-DE-Proxy-Issuing-CA17, OU=IF-NDSG, O=AXA Technology Services Germany GmbH
Serial number: d21265bf38c9faf8d615fbbf840aaa1fc6959dc5bbff60a48f77e355fa2eac07bccb6c6d
Valid from: Wed Jul 12 14:25:22 CEST 2017 until: Wed Oct 04 13:57:00 CEST 2017
Certificate fingerprints:
    MD5: 52:73:92:40:38:DF:AB:2B:ED:5B:19:10:00:1D:57:7C
    SHA1: 76:F8:DC:99:CD:07:F8:81:4F:E5:48:C3:F4:4F:71:46:24:CE:F3:54
    SHA256: 9B:72:1F:69:85:4C:AD:20:39:16:D4:7A:12:62:0D:8B:03:EC:8B:2F:E8:FD:40:FA:2E:D2:0E:F3:6A:1F:34:59
    Signature algorithm name: SHA256withRSA
    Version: 3
Could someone help me, please?
Upvotes: 1
Views: 8860
Reputation: 5449
Your client sits behind a firewall and does HTTPS requests through a proxy that is dynamically generating SSL certificates for the sites being contacted in order to eavesdrop on the data being exchanged. You can see that by the issuer of the "Google certificate" you're checking:
Issuer: C=DE, CN=AXA-DE-Proxy-Issuing-CA17, OU=IF-NDSG, O=AXA Technology Services Germany
Java has its own root CA keystore where standard certificate checks look for trusted root CAs, and your eavesdropper's root certificate is obviously missing there.
To get rid of this error and let the Java client falsely assume that the certificate is signed by a trusted CA, you need to add the CA's root certificate to the root keystore of Java. Another solution is to establish the SSL connection using your own TrustManager. You do that by using your own SSLContext where you set trust and key managers yourself.
The former needs to be done with every Java installation; the latter works within the application.
Upvotes: 1