softshipper

unable to find valid certification path to requested target with Quarkus

I have secured my web app with Keycloak that is based on Quarkus. When I start the app:

./mvnw clean compile quarkus:dev

it shows me:

io.quarkus.oidc.OIDCException: OIDC server is not available at the 'quarkus.oidc.auth-server-url' URL. Please make sure it is correct. Note it has to end with a realm value if you work with Keycloak, for example: 'https://localhost:8180/auth/realms/quarkus'

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The Keycloak server is set up with a certificate from https://acme-staging-v02.api.letsencrypt.org/directory (not a valid certificate), because it is a DEV environment.

The Keycloak configuration on Quarkus:

quarkus.oidc.auth-server-url=https://dev.oic.databaker.io/auth/realms/databaker
quarkus.oidc.client-id=svc
quarkus.oidc.credentials.secret=!!!secret!!!
quarkus.keycloak.policy-enforcer.enable=true
quarkus.keycloak.policy-enforcer.paths.1.path=/
quarkus.keycloak.policy-enforcer.paths.1.enforcement-mode=DISABLED
quarkus.ssl.native=false

How to bypass the error?

Upvotes: 1

Answers (1)

Marc

The acme-staging Let's Encrypt certificates are for testing purposes and are not trusted by the CAs included with your system.

You need to add the Fake LE Root X1 root certificate to the list of trusted CA certificates.

This is detailed in the Let's Encrypt Acme docs:

The staging environment intermediate certificate (“Fake LE Intermediate X1”) is issued by a root certificate not present in browser/client trust stores. If you wish to modify a test-only client to trust the staging environment for testing purposes you can do so by adding the “Fake LE Root X1” certificate to your testing trust store. Important: Do not add the staging root or intermediate to a trust store that you use for ordinary browsing or other activities, since they are not audited or held to the same standards as our production roots, and so are not safe to use for anything other than testing.

Upvotes: 1
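One way to apply this answer in a Quarkus project, as an added example that is not part of the original question or answer: import the staging root into a fresh, project-local truststore and point only the dev profile of the OIDC client at it, instead of importing it into the JDK's cacerts. It assumes keytool from a JDK is on PATH, the staging root PEM has already been downloaded to a local file, and the Quarkus property names quarkus.oidc.tls.trust-store-file and quarkus.oidc.tls.trust-store-password (check them against the OIDC reference for your Quarkus version). The guard against writing into a shared trust store and the alias name are choices made for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds a dev-only
# PKCS12 truststore holding the Let's Encrypt staging root and renders the
# Quarkus OIDC properties that use it under the %dev profile only.
# Assumptions: keytool on PATH, staging root PEM already downloaded,
# quarkus.oidc.tls.* property names as in the Quarkus OIDC reference.
set -eu

# Refuse the JDK's global cacerts and system CA bundles: the staging root
# must never become trusted outside this one dev project.
is_safe_store_path() {
  case "$1" in
    */lib/security/cacerts|*/jre/lib/security/cacerts) return 1 ;;
    /etc/ssl/*|/etc/pki/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Import the PEM root into a brand-new truststore at $2, then confirm the
# alias is really there (keytool exits 0 even for an empty listing).
# Usage: build_dev_truststore fake-le-root-x1.pem dev-truststore.p12 changeit
build_dev_truststore() {
  pem="$1"; store="$2"; pass="$3"
  is_safe_store_path "$store" || {
    echo "refusing to modify a shared trust store: $store" >&2
    return 1
  }
  rm -f "$store"                       # always start from an empty store
  keytool -importcert -noprompt -trustcacerts \
    -alias fake-le-root-x1 -file "$pem" \
    -keystore "$store" -storetype PKCS12 -storepass "$pass"
  keytool -list -keystore "$store" -storepass "$pass" | grep -q fake-le-root-x1
}

# Render the application.properties lines. Prefixing them with %dev keeps
# prod on the JDK's default CA set. Note that quarkus.oidc.tls.verification=none
# would also silence the PKIX error, but it switches certificate checking off
# entirely, so the separate truststore is the better fix even in dev.
render_dev_config() {
  store="$1"; pass="$2"
  printf '%s\n' \
    "%dev.quarkus.oidc.tls.trust-store-file=$store" \
    "%dev.quarkus.oidc.tls.trust-store-password=$pass"
}

# Run as: sh dev-truststore.sh build fake-le-root-x1.pem dev-truststore.p12 changeit
if [ "${1:-}" = "build" ]; then
  build_dev_truststore "$2" "$3" "$4"
  render_dev_config "$3" "$4"
fi
```

The rendered lines go into src/main/resources/application.properties next to the quarkus.oidc.auth-server-url setting from the question; the .p12 file should be listed in .gitignore and stay out of any image or environment that is not the developer's own.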
