PKIX Path Building Failed
  • 1 Minute to read
  • Contributors
  • Dark
    Light

PKIX Path Building Failed

  • Dark
    Light

This article should help if you encounter the following error and accompanying stack trace:

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

This problem occurs when your Java environment does not trust the certificate of the server running your SonarQube instance. To alleviate this issue, we need to add the server certificate to the Java key store following these steps.

  1. You will need Java keytool, and the location of your CACERTS file. These are typically located in your JRE or JDK such as this:
 ./jdk1.6.0_24/jre/lib/security/cacerts
./jdk-11.0.9/bin/keytool.exe
  1. Navigate to your server in Chrome, click the padlock (image.png) icon on the left of address bar and then click Certificate.
    image.png

  2. Next, go to Certification Path > DigiCert Baltimore Root and then click on View Certificate.
    image.png

  3. Go to Details, click on Copy to File.
    image.png

  4. Select DER encoding binary X.509 (.CER) and download it.
    image.png
    image.png

In an administrative command prompt, navigate to the directory with your downloaded cert. and add the certification to your CACERTS using the keytool (keep in mind the directory syntax will change depending on your OS).

keytool -import -alias MyCert -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file cert.cer

image.png


Was this article helpful?