Java HTTPS testing : sun.security.validator.ValidatorException: PKIX path validation failed:

Software, Web,

I’ve had this https connection problem from my java client to other https server.

sun.security.validator.ValidatorException: PKIX path validation failed:

apparently the problem lies on invalid https certificate on https server i want to access.

for simple https connection testing from java client you can use this small java class : sslPoke
https://confluence.atlassian.com/download/attachments/779355358/SSLPoke.class?version=1&modificationDate=1441897666313&api=v2

after downloading above class, just go to the directory where you put SSLPoke.class and run this command

java SSLPoke google.com 443

*replace google.com and port with https server and port you want to test

if there is no problem with your https connection you’ll get
connection successfull response

pi@raspberrypi /home $ java SSLPoke google.com 443
Successfully connected

otherwise youll get exception error printed
for example i test against tomcat https server with self-signed certificate created using keytool

java SSLPoke 10.10.133.194 8443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

Some https problem require you to import certificate used on https server to your java (client) keystore.
after importing the certificate from the server (to client), we can execute this java command to access the https server

pi@raspberrypi /home $ java -Djavax.net.ssl.trustStore=/home/apps/serverapps/tomcat7/keys/.keystore SSLPoke 10.2.133.194 8443
Successfully connected

Credits:
https://confluence.atlassian.com/display/KB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed

 

Leave a Reply

Your email address will not be published. Required fields are marked *