Unable to find valid certification path to requested target

Does your client application getting this error?

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Root Cause: It means that the web server or the URL you are trying to connect to does not have a valid certificate from an authorized CA.

Solution: Import the server certificate and install it in your JDK’s keystore.

Below are the steps:

  1. Download the server certificate
  •  Copy the URL that you are connecting and open it in Google Chrome. Click the secured icon (green padlock) and then click Certificate Information


  • From the certificate window, select Details tab then click Copy to File..


  • Click Next


  • Select DER encoded binary X.509 (.CER) then click Next


  • Set the folder path where you want to save the certificate and certificate name then click Next afterwards

Eg. D:\cert\certificate.cer



  • Click Finish


Check the saved certificate file


  1. Import the server certificate to JDK
  • Run command prompt as Administrator, then navigate to bin folder of the JRE

For this case, the path is c:\Program Files (86)\Java\jre6\bin. This may differ depends  on the what Java version are you using


  • Use keytool to manage certificate. This is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates.

To list down the current certificates contained within keystore, type the following in the command prompt then enter keystore password :changeit

You will see the number of keystores contains

keytool -list -keystore ..\lib\security\cacerts


  • Now, import your server certificate by typing the following command

keytool -import -alias myalias -keystore ..\lib\security\cacerts -file D:\folder\certificate.cer

Eg. keytool -import -alias iphoneftmobile -keystore ..\lib\security\cacerts -file D:\sas\cert\iphoneftcert.cer


  • Type “yes” in “Trust this certificate?” Then press enter key



  • Check again the list of certificates contained in the keystore using this command

keytool -list -keystore ..\lib\security\cacerts


  • Run again the client app and see if it able to connect to the URL