
How to fix PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException


Introduction


In the last article, we enabled communication over HTTPS between two applications using a self-signed certificate. After adding the certificate and running the application, some users will have hit the error named in the title: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException.

In this article, we will focus on how to fix the above error.

Cause of error

We get the above error because the JDK ships with many trusted Certificate Authority (CA) certificates in a file called ‘cacerts’, but this file knows nothing about our self-signed certificate. In other words, our self-signed certificate has not been imported into the cacerts file, so the JDK does not treat it as a trusted entity and raises the above error.

How to fix the above error

To fix the above error, all we need is to import the self-signed certificate into the cacerts file.

  • First, locate the cacerts file. To do that, we need to find the JDK location. If you are running your application through an IDE such as Eclipse or IntelliJ IDEA, go to the project settings and check which JDK location is configured.
    For example, on Mac OS the cacerts file is typically located at /Library/Java/JavaVirtualMachines/{{JDK_version}}/Contents/Home/jre/lib/security
    On a Windows machine it would be under {{Installation_directory}}/{{JDK_version}}/jre/lib/security
  • Once you have located the cacerts file, import the self-signed certificate into it. Check the last article if you don’t know how to generate the self-signed certificate correctly.
  • If you don’t have a certificate file (.crt) and only have a .jks file, you can generate a .crt file using the command below. If you already have a .crt/.pem file, you can skip this command.

Above step will generate a file called selfsigned.crt

  • Import the certificate to cacerts

for e.g

 

That’s all. Restart your application and it should work fine. If it still doesn’t work and you get an SSL handshake exception, it probably means you are using a different domain than the one registered in the certificate.
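The export and import steps described above, written out as an added example that is not part of the original article. The alias `selfsigned`, the keystore name `keystore.jks` and the helper function names are assumptions; `changeit` is the JDK's default cacerts password.

```shell
#!/bin/sh
# Added example, not the article's own commands. Assumed names: alias
# "selfsigned", keystore "keystore.jks". The truststore path is passed as an
# argument so the import can be tried on a copy of cacerts first.

# Export the certificate stored under an alias in a .jks keystore as PEM.
export_cert() {  # args: keystore storepass alias out.crt
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" \
        -alias "$3" -file "$4"
}

# Import a certificate as a trusted entry. keytool refuses to overwrite an
# alias that already exists, so a repeated import fails instead of replacing.
import_cert() {  # args: cert alias truststore storepass
    keytool -importcert -noprompt -trustcacerts -file "$1" -alias "$2" \
        -keystore "$3" -storepass "$4"
}

# Succeed only if the truststore holds an entry whose SHA-256 fingerprint
# matches the certificate file (checks the certificate, not just the alias).
is_trusted() {  # args: cert truststore storepass
    fp=$(keytool -printcert -file "$1" 2>/dev/null |
        grep 'SHA256:' | head -n 1 | sed 's/.*SHA256: *//')
    [ -n "$fp" ] || return 1
    keytool -list -v -keystore "$2" -storepass "$3" 2>/dev/null |
        grep -qF "$fp"
}

# Usage with the assumed names (on JDK 9 and later the file is
# $JAVA_HOME/lib/security/cacerts, without the jre/ component):
#   export_cert keystore.jks changeit selfsigned selfsigned.crt
#   import_cert selfsigned.crt selfsigned \
#       "$JAVA_HOME/jre/lib/security/cacerts" changeit
#   is_trusted selfsigned.crt \
#       "$JAVA_HOME/jre/lib/security/cacerts" changeit && echo trusted
```

The cacerts file is shared by every application running on that JDK, so the imported certificate becomes trusted for all of them. Importing into a copy and starting the JVM with `-Djavax.net.ssl.trustStore` pointing at that copy limits the trust to one application.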
