Reputation: 81
Getting PKIX path build failure for aws com.amazonaws.SdkClientException
While I am trying to upload an object to the S3 bucket from java using Eclipse. I am getting below exception
com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Please refer the link from which I have taken and execute the sample code
https://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html
Any help on this will be appriciated.
Upvotes: 5
Views: 31195
Answers (2)
Reputation: 1
I faced the same issue with Eclipse with AWS Java SDK 2 to execute the AWS Java SDK sample codes from AWS SDK documentation. Here are the things I found. Newer Java versions have Amazon Root CA already in JDK truststore.
After troubleshooting the Application with with Parameter -Djavax.net.debug=all, or -Djavax.net.debug=ssl by passing vmargs in Run configurations, it was throwing an exception from the Intermediate Root CA from ZScalar certificate. JDK truststore does not have that Intermediate Root CA.
Then I went to ZScaler website to download their root, and intermediate CA from the URL. Here are the certificates that I downloaded. Add them to JDK truststore using the following command.
I have added root as well intermediate CA certificates from ZScaler, and then Eclipse Java Application with AWS Java SDK worked well without giving any errors.
Summary is: Sometimes the problem is with Intermediate Root CAs that are not added to JDK trust store by default.
keytool -import -alias zscaler-int-ca1 -file zscaler-ca1.cer -keystore $JAVA_HOME/lib/jre/security/cacerts
keytool -import -alias zscaler-root-ca1 -file zscaler-ca2.cer -keystore $JAVA_HOME/lib/jre/security/cacerts
Upvotes: 0
Reputation: 11
I'm having the same issue. I seen on other posts (examples include forums.aws.amazon.com/thread.jspa?threadID=290003 and github.com/aws/aws-sdk-java/issues/1757), that adding JDKs CACERTS to the eclipse.ini file has worked. I have a Public S3 bucket and an IAM user with Admin rights, to ensure permissions were not causing this.
This is still an ongoing issue for me, but one of these may fix your issue uddeshya pratik
Upvotes: 1
Related Questions
- AWS was not able to validate the provided access credentials
- S3Exception with AWS SDK for Java version 2 - The request signature we calculated does not match the signature you provided
- Error in using aws-java-sdk-s3
- AWS S3 Java SDK - Access Denied
- Access denied with new Amazon S3 Java SDK V2
- AWS SDK for Java S3 bucket Access Key Id issue
- AWS Java SDK PKIX path building failed
- Error while creating S3 Client in Java
- SSLHandshakeException while using AWS SDK for Java API
- Amazon AWS Java SDK example errors