Unable to find valid certification path to requested target - error even after cert imported

0 votes

I have a Java client trying to access a server with a self-signed certificate.

When I try to Post to the server, I get the following error:

unable to find valid certification path to requested target

Having done some research on the issue, I then did the following.

  1. Saved my servers domain name as a root.cer file.
  2. In my Glassfish server's JRE, I ran this: keytool -import -alias example -keystore cacerts -file root.cer.
  3. To check the cert was added to my cacert successfully, I did this: keytool -list -v -keystore cacerts I can see the cert is present.
  4. I then restarted Glassfish and retired the 'post'.

I am still getting thesame error.

I have a feeling this is because my Glassfish is not actually reading the cacert file that I have amended but maybe some other one.

Have any of you had this issue and can push me in the right direction?

Nov 27, 2018 in Java by Sushmita
• 6,920 points

recategorized Nov 28, 2018 by Sushmita 4,887 views
Did you ever figure out how to resolve the issue? I'm having the same problem.

Hi. @Lena,

Did you try the solution given by @Daisy's, Even I have faced the same doubt and that worked for me!!

1 answer to this question.

0 votes

Unfortunately - it could be many things - and lots of app servers and other java 'wrappers' are prone to play with properties and their 'own' take on keychains and what not. So it may be looking at something totally different.

Short of truss-ing - I'd try:

java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=trustStore ...

to see if that helps. Instead of 'all' one can also set it to 'ssl', key manager and trust manager - which may help in your case. Setting it to 'help' will list something like below on most platforms.

Regardless - do make sure you fully understand the difference between the keystore (in which you have the private key and cert you prove your own identity with) and the trust store (which determines who you trust) - and the fact that your own identity also has a 'chain' of trust to the root - which is separate from any chain to a root you need to figure out 'who' you trust.

all            turn on all debugging
ssl            turn on ssl debugging

The   following can be used with ssl:
    record       enable per-record tracing
    handshake    print each handshake message
    keygen       print key generation data
    session      print session activity
    defaultctx   print default SSL initialization
    sslctx       print SSLContext tracing
    sessioncache print session cache tracing
    keymanager   print key manager tracing
    trustmanager print trust manager tracing
    pluggability print pluggability tracing

    handshake debugging can be widened with:
    data         hex dump of each handshake message
    verbose      verbose handshake message printing

    record debugging can be widened with:
    plaintext    hex dump of record plaintext
    packet       print raw SSL/TLS packets
answered Nov 27, 2018 by Daisy
• 8,140 points

Related Questions In Java

+9 votes
16 answers

Unable to resolve this error: "javac is not recognized as an internal or external command"

Check your javac path on Windows using Windows Explorer C:\Program Files\Java\jdk1.7.0_02\bin and ...READ MORE

answered May 23, 2018 in Java by Rishabh
• 3,620 points
464,579 views
0 votes
1 answer

How to resolve the error: could not find or load main class?

If you are getting error: could not ...READ MORE

answered May 28, 2018 in Java by Parth
• 4,640 points
11,483 views
+1 vote
1 answer
0 votes
1 answer

Java Client Certificate over HTTPS/SSL

The missing links was (mostly) the first ...READ MORE

answered Nov 28, 2018 in Java by Sushmita
• 6,920 points
6,831 views
+2 votes
1 answer

How to import an existing x509 certificate and private key in Java keystore to use in SSL?

keytool does not provide such basic functionality ...READ MORE

answered Dec 19, 2018 in Java by Daisy
• 8,140 points
2,615 views
0 votes
0 answers

Javamail Could not convert socket to TLS GMail

I want to send an email using ...READ MORE

May 2, 2022 in Java by Kichu
• 19,040 points
2,999 views
+5 votes
4 answers

How to execute a python file with few arguments in java?

You can use Java Runtime.exec() to run python script, ...READ MORE

answered Mar 27, 2018 in Java by DragonLord999
• 8,450 points

edited Nov 7, 2018 by Omkar 81,395 views
0 votes
2 answers

Unable to find valid certification path to requested target

Unfortunately - it could be many things ...READ MORE

answered Dec 15, 2020 in Java by Roshni
• 10,480 points
42,428 views
0 votes
1 answer

In Java, how to find out the min/max values from array of primitive data types?

import java.util.Arrays; import java.util.Collections; import org.apache.commons.lang.ArrayUtils; public class MinMaxValue { ...READ MORE

answered Jun 12, 2018 in Java by Daisy
• 8,140 points
1,664 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP