This issue occurs while establishing a trusted connection over SSL (Secure Socket Layer) in Artifactory. The error message indicates that Artifactory could not establish a trusted connection over SSL. You may find this issue if you are using Self-Signed certificate or a certificate that is issued by an internal Certificate Authority or if your clients (e.g. browser, java) are outdated. The trust is handled by having root and intermediate certificates of your SSL certificate on a trusted keystore.
Before reading this tutorial please go through the tutorial using SSL with jax-ws webservice.
I have generated the keystore file in another example using SSL with jax-ws webservice for establishing connection using SSL.
Now you need to generate certificate and install Java certificate to your generated keystore file.
First I will generate client certificate from keystore using the command line tool by executing the following command.
C:\Java\jdk-12.0.2\bin\keytool -export -alias tomcat -file C:\keystore\client.cer -keystore C:\keystore\keystore.jks
Make sure to change the path values according to your file location.
You will have the similar output as shown in the below figure ahile you execute the above command:
Installing Java Certificate
Now you need to install or add Java certificate to your keystore file so that SSL connection can be established with trusted certificate.
C:\Java\jdk-12.0.2\bin\keytool -importcert -keystore C:\Java\jdk-12.0.2\lib\security\cacerts -storepass changeit -file C:\keystore\client.cer -alias java
Make sure to change the file location according to your path.
chageit is the default password for Java certificate.
After installation, you will get following output in command prompt:
So from the above output it’s obvious that certificate already added to the keystore.
Testing the Application
Now run webservice client HelloSSLClient.java again.
If you have not fixed the following issue then check how to resolve: java.security.cert.CertificateException: No name matching localhost found
java.security.cert.CertificateException: No name matching localhost found
If you had fixed the above issue then you will get the following output in the console:
Thanks for reading.
1 thought on “SunCertPathBuilderException: unable to find valid certification path to requested target”