PKIX Path Building Failed

Error Code:

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

Reason: This error occurs when the Java environment does not trust the certificate of the server running your SonarQube™ instance.

Solution: Install the server certificate to the Java key.

Steps:

  1. Click on this icon and a window will pop up. From the window, select Connection is secure.

  1. Select the second option, i.e., Certificate is valid.

  1. Go to the Details tab and click on Export.

  1. Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.

  1. The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.

Command:

keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}

Example:

keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt

When adding the certificate, password is required. The password is changeit.

Point to Note:

If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.

Command to list all of the certificates from the Java Keystore: keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt

Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt Command to delete the certificate: keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”

Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”

Last updated