How to Resolve 'sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target'?

Resolving "sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" Exception

The provided code attempts to download a file from an HTTPS server but encounters a certificate-related error. This error often occurs when the server presents a self-signed certificate that is not trusted by the client's JVM.

To address this issue, you can instruct the client to trust the server's certificate. Here's how:

Fetch the Server's Certificate Using a Browser

1. Visit the HTTPS server in your browser.
2. Click the lock icon in the address bar and view the certificate details.
3. Export the certificate as a file, typically with a .cer or .crt extension.

Add the Certificate to the JVM's Truststore

There are two ways to do this:

• Edit JAVA_HOME/jre/lib/security/cacerts:

  1. Open the cacerts file located in /JAVA_HOME/jre/lib/security/ with a Java keytool utility.

  2. Import the exported certificate using the -importcert command. For example:

     keytool -keystore cacerts -importcert -file my_server_cert.cer

• Use the -Djavax.net.ssl.trustStore Parameter:

  You can specify a different truststore location by setting the Java system property:

  java -Djavax.net.ssl.trustStore=/path/to/my_truststore

Note: Make sure to use the correct JDK/JRE version, as it influences the location of the cacerts file.

By trusting the certificate, you authorize the client to communicate with the server despite the lack of a trusted CA. However, it's important to note that this may introduce security risks if the server's certificate is untrustworthy.

The above is the detailed content of How to Resolve 'sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target'?. For more information, please follow other related articles on the PHP Chinese website!