9

i'm working with Liferay and i'm using eclipse, and running a client/server model, using an encrypted socket (SSL).

Currently, my application is running the client/server connection ok when I run the application in batch mode but when i try to start the server in Eclipse the application is giving me error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

I already use the InstallCert.java and copy the jssecacerts into

%JAVA_HOME%/jdk_version/jre/lib/security

but is still giving me errors. I've also checked the certificate (keytool -v -list) and installed manually in the root CAs trusted. What can be the problem? Thanks!

El0din
  • 2,989
  • 2
  • 19
  • 26

3 Answers3

8

Please refer this answer for your reference.

No need of passing any VM arguments after you successfully installed certificate of the site which is giving you PKIX error!

But key is to find JRE which is giving you this error! So make sure about 2 things:

  1. you install certificate to cacerts file of JRE which Eclipse is using
  2. certificate is root certificate
Eugen Labun
  • 2,383
  • 1
  • 21
  • 16
positivecrux
  • 1,278
  • 2
  • 14
  • 32
  • 2
    my certificate was a root certificate, but i needed to add in the jre, i use portecle for that and that works! thx! – El0din Aug 23 '16 at 07:01
  • related: https://mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/ – XoXo Feb 19 '21 at 18:34
1

Try passing the certifacate path in VM arguments when running in eclipse 

-Djavax.net.ssl.trustStore="PATH_TO_jssecacerts"
KlajdPaja
  • 939
  • 1
  • 8
  • 17
0

tried and tested method. if you face this certificate issue with eclipse plugin installation do below steps:

  1. note the url of the plugin site you are facing issue.

  2. hit that url in browser.

  3. go to lock symbol on left side and click to view certificate

  4. go to details and do file export in Base 64.

  5. better to save cert in eclipse directory.

  6. open cmd with administrator

  7. go to jdk directory you are using to run eclipse and find keytool

  8. run below command keytool -keystore ..\lib\security\cacerts -import -alias example2 -file <path_to_expotrted cert in step 4> use password - changeit

  9. go to eclipse.ini and add below commands -Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk-11\lib\security\cacerts

  10. make sure to restart eclipse after every plugin site certificate added to keystore.

rohsin47
  • 1
  • 1