- 31 May 2023
- 1 Minute to read
- Contributors
- DarkLight
- PDF
PKIX Path Building Failed
- Updated on 31 May 2023
- 1 Minute to read
- Contributors
- DarkLight
- PDF
Error Code:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target.
Reason:
This error occurs when the Java environment does not trust the certificate of the server running your SonarQube instance.
Solution:
Install the server certificate to the Java key.
Steps:
In your browser, to the left of the URL, there is a lock icon (
).
Click on this icon and a window will pop up. From the window, select Connection is secure.
Select the second option, i.e.,
Certificate is valid
.
Go to the Details tab and click on Export.
Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.
The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.
Command:
keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}
Example:keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt
When adding the certificate, password is required. The password is changeit
.
If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.
Command to list all of the certificates from the Java Keystore:
keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt
Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt
Command to delete the certificate:
keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”
Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”