Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Resolve PKIX Path Building Failed in Spring Cloud Server

DZone's Guide to

Resolve PKIX Path Building Failed in Spring Cloud Server

The problem was that Java was missing the certificate from a specific website, in this case, http://repo.spring.io.

· Cloud Zone ·
Free Resource

Site24x7 - Full stack It Infrastructure Monitoring from the cloud. Sign up for free trial.

I was trying to get spring-cloud-server started on my laptop and I was getting:
Downloaded: http://repo.spring.io/libs-snapshot/org/codehaus/mojo/maven-metadata.xml 
(21 KB at 16.6 KB/sec)  
[WARNING] Could not transfer metadata org.apache.maven.plugins/maven-metadata.xml 
  from/to central (https://repo.maven.apache.org/maven2): 
sun.security.validator.ValidatorException: 
    PKIX path building failed: 
    sun.security.provider.certpath.SunCertPathBuilderException: 
    unable to find valid certification path to requested target
[WARNING] Could not transfer metadata org.codehaus.mojo/maven-metadata.xml 
    from/to central (https://repo.maven.apache.org/maven2): 
    sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

Cause:

The issue is I don't have a valid certificate for http://repo.spring.io.

Solution:

Step 1: Get the certificate from the location. In this case it is: http://repo.spring.io.

Here's how:

I used Firefox to browse to the link. On the top left there is a lock icon. Click on it > Click on the right arrow to get to information > Click on More Information > Click on View Certificate > Click on Details > Click on Export and save the certificate on your drive as a file say: Certificate.cer.

** It's important you choose X.509 Certificate (PEM) as the type.

Step 2: Now that you have downloaded the certificate, you need to install the certificate on your machine.

On my machine I did this:

keytool -import -file ~/Downloads/Certificate.cer -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib/security/cacerts

Of course the location of your java's cacerts might be different. To find out the location of cacerts directory, do:

echo $JAVA_HOME

In my case the output of echo $JAVA_HOME was:/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home. Then I just looked for cacerts directory in it and found it to be at: jre/lib/security/cacerts

If you dont't want to install a certificate you can also do below:

export MAVEN_OPTS="$MAVEN_OPTS -Djavax.net.ssl.trustStore=/Users/rhasija/Downloads/Certificate.cer"

This will solve the problem for maven but not necessarily for java.

Summary

The problem was Java was missing the certificate from a specific website, in my case, http://repo.spring.io. So I got the certificate file using Step 1 and then imported the certificate in my machine's java cacerts using keytool as show in Step 2.

Hope you found this information helpful. Please let me know if you have any questions.

References:

  1. https://github.com/escline/InstallCert 
  2. http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/ 
  3. http://stackoverflow.com/questions/16965453/keytool-certificate-import-gives-erro-message-keystore-was-tampered-with-or 
  4. http://stackoverflow.com/questions/11936685/how-to-obtain-the-location-of-cacerts-of-the-default-java-installation 
  5. http://stackoverflow.com/questions/25911623/problems-using-maven-and-ssl-behind-proxy 


Site24x7 - Full stack It Infrastructure Monitoring from the cloud. Sign up for free trial.

Topics:
ssl certificates ,truststore ,ssl ,spring cloud ,java

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}