SunCertPathBuilderException: unable to find valid certification path to requested target

Introduction

This issue occurs while establishing a trusted connection over SSL (Secure Socket Layer) in Artifactory. The error message indicates that Artifactory could not establish a trusted connection over SSL. You may find this issue if you are using Self-Signed certificate or a certificate that is issued by an internal Certificate Authority or if your clients (e.g. browser, java) are outdated. The trust is handled by having root and intermediate certificates of your SSL certificate on a trusted keystore.

Prerequisites

Before reading this tutorial please go through the tutorial using SSL with jax-ws webservice.

Generating Certificate

I have generated the keystore file in another example using SSL with jax-ws webservice for establishing connection using SSL.

Now you need to generate certificate and install Java certificate to your generated keystore file.

First I will generate client certificate from keystore using the command line tool by executing the following command.

C:\Java\jdk-12.0.2\bin\keytool -export -alias tomcat -file C:\keystore\client.cer -keystore C:\keystore\keystore.jks

Make sure to change the path values according to your file location.

You will have the similar output as shown in the below figure ahile you execute the above command:

SunCertPathBuilderException: unable to find valid certification path to requested target

Installing Java Certificate

Now you need to install or add Java certificate to your keystore file so that SSL connection can be established with trusted certificate.

C:\Java\jdk-12.0.2\bin\keytool -importcert -keystore C:\Java\jdk-12.0.2\lib\security\cacerts -storepass changeit -file C:\keystore\client.cer -alias java

Make sure to change the file location according to your path.

Note that chageit is the default password for Java certificate.

After installation, you will get following output in command prompt:

SunCertPathBuilderException: unable to find valid certification path to requested target

So from the above output it’s obvious that certificate already added to the keystore.

Testing the Application

Now run webservice client HelloSSLClient.java again.

If you have not fixed the following issue then check how to resolve: java.security.cert.CertificateException: No name matching localhost found

java.security.cert.CertificateException: No name matching localhost found

If you had fixed the above issue then you will get the following output in the console:

Hello Soumitra

Thanks for reading.

1 thought on “SunCertPathBuilderException: unable to find valid certification path to requested target

Leave a Reply

Your email address will not be published. Required fields are marked *