Home > Java > javaTutorial > ## Why does my Java client get a \'PKIX path building failed\' error when accessing an HTTPS web service?

## Why does my Java client get a \'PKIX path building failed\' error when accessing an HTTPS web service?

Barbara Streisand
Release: 2024-10-26 17:52:03
Original
472 people have browsed it

## Why does my Java client get a

PKIX Path Building Failed: Unable to Find Valid Certification Path to Requested Target

Question:

When attempting to access a particular HTTPS web service using a Java client, the following exception is encountered:

java.lang.RuntimeException: PKIX path building failed: unable to find valid certification path to requested target
Copy after login

Answer:

This exception indicates that the Java client is unable to establish a secure connection with the web service due to an issue with the certificate chain presented by the server.

Possible Solutions:

  1. Configure Trust Store:

    The client might not have the necessary certificates installed in its trust store. To resolve this, set the system properties to specify the path to the trust store and its password:

    <code class="java">System.setProperty("javax.net.ssl.trustStore", "clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");</code>
    Copy after login
  2. Import Server Certificate:

    If the client's trust store doesn't contain the server's certificate, manually import it. Follow these steps:

    • Export the server's certificate in PEM format (e.g., certificate.crt) using a tool like openssl.
    • Convert the PEM file to a binary X.509 certificate file (e.g., certificate.der):

      <code class="shell">openssl x509 -in certificate.pem -out certificate.der -outform DER</code>
      Copy after login
    • Import the DER file into the client's trust store using the keytool utility:

      <code class="shell">keytool -import -alias server_cert -file certificate.der -keystore clientTrustStore.key</code>
      Copy after login
  3. Update Java SSL Configuration:

    Ensure that the Java SSL configuration is set correctly. For example, by modifying ~/.java/jre/lib/security/jssecacerts or using the following command:

    <code class="shell">keytool -import -alias server_cert -file certificate.der -keystore cacerts</code>
    Copy after login
  4. Disable SSL Certificate Verification (Not Recommended):

    As a temporary measure, you can disable SSL certificate verification, but this is not recommended due to security concerns:

    <code class="java">HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);</code>
    Copy after login
  5. Obtain Different Certificate:

    If the web service requires a specific certificate, obtain that certificate and install it in the client's trust store.

The above is the detailed content of ## Why does my Java client get a \'PKIX path building failed\' error when accessing an HTTPS web service?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template