Resolve PKIX Path Building Failed in Spring Cloud Server
The problem was that Java was missing the certificate from a specific website, in this case, http://repo.spring.io.
Join the DZone community and get the full member experience.
Join For FreeDownloaded: http://repo.spring.io/libs-snapshot/org/codehaus/mojo/maven-metadata.xml
(21 KB at 16.6 KB/sec)
[WARNING] Could not transfer metadata org.apache.maven.plugins/maven-metadata.xml
from/to central (https://repo.maven.apache.org/maven2):
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
[WARNING] Could not transfer metadata org.codehaus.mojo/maven-metadata.xml
from/to central (https://repo.maven.apache.org/maven2):
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Cause:
The issue is I don't have a valid certificate for http://repo.spring.io.
Solution:
Step 1: Get the certificate from the location. In this case it is: http://repo.spring.io.
Here's how:
I used Firefox to browse to the link. On the top left there is a lock icon. Click on it > Click on the right arrow to get to information > Click on More Information > Click on View Certificate > Click on Details > Click on Export and save the certificate on your drive as a file say: Certificate.cer.
** It's important you choose X.509 Certificate (PEM) as the type.
Step 2: Now that you have downloaded the certificate, you need to install the certificate on your machine.
On my machine I did this:
keytool -import -file ~/Downloads/Certificate.cer -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib/security/cacerts
Of course the location of your java's cacerts might be different. To find out the location of cacerts directory, do:
echo $JAVA_HOME
In my case the output of echo $JAVA_HOME was:/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home. Then I just looked for cacerts directory in it and found it to be at: jre/lib/security/cacerts
If you dont't want to install a certificate you can also do below:
export MAVEN_OPTS="$MAVEN_OPTS -Djavax.net.ssl.trustStore=/Users/rhasija/Downloads/Certificate.cer"
This will solve the problem for maven but not necessarily for java.
Summary
The problem was Java was missing the certificate from a specific website, in my case, http://repo.spring.io. So I got the certificate file using Step 1 and then imported the certificate in my machine's java cacerts using keytool as show in Step 2.
Hope you found this information helpful. Please let me know if you have any questions.
References:
- https://github.com/escline/InstallCert ↩
- http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/ ↩
- http://stackoverflow.com/questions/16965453/keytool-certificate-import-gives-erro-message-keystore-was-tampered-with-or ↩
- http://stackoverflow.com/questions/11936685/how-to-obtain-the-location-of-cacerts-of-the-default-java-installation ↩
- http://stackoverflow.com/questions/25911623/problems-using-maven-and-ssl-behind-proxy
Opinions expressed by DZone contributors are their own.
Comments