Contents x
    PKIX Path Building Failed
    • 31 May 2023
    • 1 Minute to read
    • Contributors
    • Dark
      Light
    • PDF
    Contents

    PKIX Path Building Failed

    • Updated on 31 May 2023
    • 1 Minute to read
    • Contributors
    • Dark
      Light
    • PDF
    Article Summary

    Error Code:

    javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

    Reason:
    This error occurs when the Java environment does not trust the certificate of the server running your SonarQube instance.

    Solution:
    Install the server certificate to the Java key.

    Steps:

    1. In your browser, to the left of the URL, there is a lock icon (image.png).

    2. Click on this icon and a window will pop up. From the window, select Connection is secure.
      image.png

    3. Select the second option, i.e., Certificate is valid.
      image.png

    4. Go to the Details tab and click on Export.
      image.png

    5. Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.
      image.png

    6. The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.

      Command:

      keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}


      Example:

      keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt

    When adding the certificate, password is required. The password is changeit.

    Point to Note:

    If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.

    Command to list all of the certificates from the Java Keystore:
    keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt

    Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt


    Command to delete the certificate:
    keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”

    Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”

    Was this article helpful?
    What's Next
    AutoRABIT Help Center © 2022. All rights reserved.