If you have questions or if you want to share your opinion about Aware IM post your message on this forum
#51327 by Jaymer
Thu Aug 08, 2019 7:11 pm
Today on a customer's server, we tried an older routine which probably hadn't been run in a few months.
Its was a simple REST API call.
Yet it returned an odd error:
PKIX path building failed sun.security.provider.certpath.suncertpathbuilderexception
SunCertPathBuilderException: unable to find valid certification path to requested target

We had received that error a few months back when trying to connect to a MS Exchange server - and the company's admin was able to correct a certificate issue on their end, so we had to do nothing.

But I'd never seen it in relation to a REST call.
It makes sense though, because our endpoint was https:// so SSL was involved.

To fix it, I had to request a certificate:
1) Install openssl on windows
2) this hits the REST provider:
Code: Select all"\Program Files\OpenSSL-Win64\bin\openssl" s_client  -connect api.geocod.io:443

3) Having that provide an acceptable result, then parse that result into a .pem file:
Code: Select allC:\Users\Administrator>"\Program Files\OpenSSL-Win64\bin\openssl" s_client  -connect api.geocod.io:443 | "\Program Files\OpenSSL-Win64\bin\openssl" x509 -outform PEM >geocodio.pem

4) That .pem file should contain data like this now:
Code: Select all-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISA7R7XTy7BP8hM+8ZZSPYVGgjMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA2MTkxNjE0MzNaFw0x
OTA5MTcxNjE0MzNaMBYxFDASBgNVBAMMCyouZ2VvY29kLmlvMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwN6MwORMmVurxD3upT5OoKFIo1RxGCqR9YH
H+mpBCU2FXwlrAhQkbXCmTvTBCj1652hlq8mP2K5rgH2GOH4zNFZMuN4M69mT0Uc
cqLZzm7jTXa4lBWQcLsKtRZuNEh57gh9w1Ks5SEM4XxF3Le2nC2EPg3JcYtVp0rl
kda70g3mHJNnVifmVx1miqq2AsrUDCBSvKLOAOvp9h4ZsehbdPOkF0yu2mcP+6Y/
DuzkSt/l5EmKjTG8ZTnR8xTLCC5izQB1QihTPaRLkoakemcJ3QSOZ9qHHkQkAnCb
cr+3UNKzT1xAfx8vXMo1+bFvysGt7uNK1bSZPOyvVTTiSnFJhwIDAQABo4ICYTCC
Al0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR6M9oRMRw4oDx/jG/+drfTxm/TozAf
BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw
LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
MBYGA1UdEQQPMA2CCyouZ2VvY29kLmlvMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG
CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5
cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAdH7agzGtMxCRIZzOJU9C
cMK//V5CIAjGNzV55hB7zFYAAAFrcLuhNgAABAMASDBGAiEAyPI2Ttfulz5HontK
OYKzjN+KeOJGou2WfBziYizoOxgCIQD1pSQJXg2LG+oTm2RV/Bd9wy2tb5rleIgL
WhqsCQOWUAB2ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABa3C7
oSUAAAQDAEcwRQIhAI4OmCexzbEjViWUdI8yB4V4RI5sbDVf+VLxP66YPwlVAiAx
LJOfCGE03XI4YHbsMghlU8mUI6ElyG1Xmmy5ItCU+TANBgkqhkiG9w0BAQsFAAOC
Or3lrFtmxWU5SmmfmNy39efYxfZjbKFGKeAZtBZ/+KA+dOg2lm671YJy6wblTuGA
aL78gPNlE6MuEajX2nAvQ5CYDt8IPOOK/G/gIJPfpxkrLgJPF/KrZZn+dBslgkaz
HQhXKTscdyUhkp+O58FmoqESEEB9qx9owBBm7nI1R8U3kqAWyGkIad1x397cQ4pQ
L3zHvB6cXiy3SULyPlxozzAygA==
-----END CERTIFICATE-----


5) Now add that certificate to out java keystore:
Code: Select allC:\Users\Administrator>cd C:\AwareIM\JDK\bin
C:\AwareIM\JDK\bin>keytool -import -storepass <yourpasshere> -noprompt -alias geocodio -keystore \AwareIM\JDK\lib\security\cacerts -trustcacerts -file C:\Users\Administrator\geocodio.pem
Certificate was added to keystore


Back in the browser, ran the same program to do a REST call and it worked fine.
No idea what could have happened.
There's plenty of google results on this issue, but none that seemed like they really applied to us, but at least this got the site working again.

jaymer...

Who is online

Users browsing this forum: Google [Bot] and 35 guests