PKIX Path Building Failed

Error Code:

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

Reason: This error occurs when the Java environment does not trust the certificate of the server running your SonarQube instance.

Solution: Install the server certificate to the Java key.

Steps:

  1. The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.

    Command:

    keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}

    Example:

    keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt

When adding the certificate, password is required. The password is changeit.

Point to Note:

If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.

Command to list all of the certificates from the Java Keystore: keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt

Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt Command to delete the certificate: keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”

Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”

Last updated