Unable to find valid certification path to requested target

Does your client application getting this error?

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Root Cause: It means that the web server or the URL you are trying to connect to does not have a valid certificate from an authorized CA.

Solution: Import the server certificate and install it in your JDK’s keystore.

Below are the steps:

  1. Download the server certificate
  •  Copy the URL that you are connecting and open it in Google Chrome. Click the secured icon (green padlock) and then click Certificate Information

1_unable

  • From the certificate window, select Details tab then click Copy to File..

2_unable

  • Click Next

3_unable

  • Select DER encoded binary X.509 (.CER) then click Next

4_unable

  • Set the folder path where you want to save the certificate and certificate name then click Next afterwards

Eg. D:\cert\certificate.cer

5_unable

 

  • Click Finish

6_unable

Check the saved certificate file

7_unable

  1. Import the server certificate to JDK
  • Run command prompt as Administrator, then navigate to bin folder of the JRE

For this case, the path is c:\Program Files (86)\Java\jre6\bin. This may differ depends  on the what Java version are you using

8_unable

  • Use keytool to manage certificate. This is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates.

To list down the current certificates contained within keystore, type the following in the command prompt then enter keystore password :changeit

You will see the number of keystores contains

keytool -list -keystore ..\lib\security\cacerts

9_unable

  • Now, import your server certificate by typing the following command

keytool -import -alias myalias -keystore ..\lib\security\cacerts -file D:\folder\certificate.cer

Eg. keytool -import -alias iphoneftmobile -keystore ..\lib\security\cacerts -file D:\sas\cert\iphoneftcert.cer

10_unable

  • Type “yes” in “Trust this certificate?” Then press enter key

11_unable

 

  • Check again the list of certificates contained in the keystore using this command

keytool -list -keystore ..\lib\security\cacerts

12_unable

  • Run again the client app and see if it able to connect to the URL