Mike

Reputation: 269

Spring Boot Embedded Tomcat - Unable to find valid certification path

I have an interesting problem I have yet to find a solution for. I have a Spring Boot application that is attempting to connect to a 3rd party API. When I run this application locally using the embedded Tomcat server, attempts to connect to this 3rd party API fail with the following exception:

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://<third party API endpoint>": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; 
nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've imported the certificate for my 3rd party API into my local JDK's keystore, and if I run this application on another application server like WebLogic then it executes as expected. I just can't seem to get the Spring Boot embedded Tomcat server to behave properly.

Any advice would be appreciated.

Upvotes: 2

Views: 3678

Answers (2)

Mike

Reputation: 269

Turns out my issue was a missing 3rd level intermediate certificate that I need to get through my corporate firewall. In order to figure this out I enabled SSL debugging so I could find the missing certificate. I accomplished this by adding the following VM argument to my application:

-Djavax.net.debug=SSL

Once I saw there was a 3rd level certificate, I imported that certificate into my JDK and poof...problem solved.

Upvotes: 1

Stephen Dillon

Reputation: 795

Maybe check that your JAVA_HOME and the java.exe in your path point to the same installation. Usually we have multiple JREs, and a lot of the time certs get installed into a different JRE than the one being run. Maybe inspect the process and make sure it's using the same JRE that has the certs (maybe even try jconsole to verify).

Upvotes: 0
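
A diagnostic that combines the checks from both answers, added here as an example and not code from either poster: it prints the java.home and truststore path of the JVM that actually runs it, then lists the certificate chain the endpoint presents and marks each issuer that has no entry in that truststore. The class name ChainCheck is hypothetical; it assumes the default cacerts location and password (changeit) unless the javax.net.ssl.trustStore properties are set, and a direct TCP connection to the host.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;

public class ChainCheck {   // hypothetical name, not from the original post
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        // Which JRE is running, and which truststore file it reads by default.
        String override = System.getProperty("javax.net.ssl.trustStore");
        Path store = override != null ? Paths.get(override)
                : Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("truststore = " + store);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        try (InputStream in = Files.newInputStream(store)) { ks.load(in, pw); }
        Set<X500Principal> trusted = new HashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) trusted.add(((X509Certificate) c).getSubjectX500Principal());
        }
        // Record the chain the peer sends, then always reject so no session is established.
        List<X509Certificate> presented = new ArrayList<>();
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) { throw new IllegalStateException(); }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                presented.addAll(Arrays.asList(c));
                throw new CertificateException("chain recorded; aborting handshake");
            }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLException expected) { /* the recorder rejects every chain */ }
        // Name match only (no signature check): shows which issuer has no truststore entry.
        for (X509Certificate c : presented) {
            X500Principal issuer = c.getIssuerX500Principal();
            System.out.println("subject: " + c.getSubjectX500Principal());
            System.out.println("  issuer: " + issuer + (trusted.contains(issuer) ? "  [in truststore]" : "  [NOT in truststore]"));
        }
    }
}
```

Run it with the same java binary and -D options as the Spring Boot application, passing the API host name as the first argument.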
