I’ve been trying to debug this error with no luck.
Essentially I’m contacting an external app throught my app. The connection is established fine, the app contacts back my app through a callback URL, then I need to send a final validation to the external app.
This last step is failing because of an SSLHandShajeException.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
I’ve had a look at the possible causes, and created a truststore with the external app cert in it following these steps:
- download the cert chain from the browser
- creating the truststore with
keytool -import -v -trustcacerts -alias mycert -file
x_my_cert_location_x -keystore truststore
- adding the above trustore in my setenv file
- restart my tomcat instance.
This has not resolved the problem.
I also added to cert to the cacert file, and the same to the connector in the server.xml file as follows:
Debugging in the SSL, I can see:
> %% Invalidated: [Session-15, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] > http-nio-8080-exec-9, SEND TLSv1.2 ALERT: fatal, description = > certificate_unknown http-nio-8080-exec-9, WRITE: TLSv1.2 Alert, length > = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 2E ....... http-nio-8080-exec-9, called closeSocket() http-nio-8080-exec-9, > handling exception: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target
Which makes no real sense to me. My app is on java 1.8.242. Any advice on this please?