PKIX path building failed in Java application

by

I ran into similar issues whose cause and solution turned out both to be rather simple:

Main Cause: Did not import the proper cert using keytool

NOTE: Only import root CA (or your own self-signed) certificates

NOTE: don’t import an intermediate, non certificate chain root cert

Solution Example for imap.gmail.com

  1. Determine the root CA cert: 

    openssl s_client -showcerts -connect imap.gmail.com:993

    in this case we find the root CA is Equifax Secure Certificate Authority

  2. Download root CA cert.
  3. Verify downloaded cert has proper SHA-1 and/or MD5 fingerprints by comparing with info found here

  4. Import cert for javax.net.ssl.trustStore: 

    keytool -import -alias gmail_imap -file Equifax_Secure_Certificate_Authority.pem
  5. Run your java code

More Related Contents:

  1. Trusting all certificates using HttpClient over HTTPS
  2. why doesn’t java send the client certificate during SSL handshake?
  3. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  4. How to programmatically set the SSLContext of a JAX-WS client?
  5. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  6. How to convert certificate from PEM to JKS?
  7. How do I do TLS with BouncyCastle?
  8. Can we load multiple Certificates & Keys in a Key Store?
  9. How can I use different certificates on specific connections?
  10. How to use wait and notify in Java without IllegalMonitorStateException?
  11. Should a retrieval method return ‘null’ or throw an exception when it can’t produce the return value? [closed]
  12. Differences between Exception and Error
  13. Java / Android – How to print out a full stack trace?
  14. tomcat server fails to start the server and application in STS [duplicate]
  15. Eclipse – java.lang.ClassNotFoundException
  16. When should an IllegalArgumentException be thrown?
  17. Java SSL: how to disable hostname verification
  18. Problems connecting via HTTPS/SSL through own Java client
  19. How to enable SSL 3 in Java
  20. Can we use “return” in finally block [duplicate]
  21. Choosing SSL client certificate in Java
  22. PrintWriter and PrintStream never throw IOExceptions
  23. Rethrowing exceptions in Java without losing the stack trace
  24. Java uncaught global exception handler
  25. Unhandled Exception in Java
  26. JavaFX Exception in thread “main” java.lang.NoClassDefFoundError: javafx/application/Application
  27. How set up Spring Boot to run HTTPS / HTTP ports
  28. How to make HTTPS GET call with certificate in Rest-Assured java
  29. What is Keystore?
  30. Uncatchable ChuckNorrisException

Leave a Comment