The problem
It may happen that when you try to pull some Java dependencies, you get the annoying PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error. It means the JVM could not build a chain from the server's certificate to any certificate in its trust store (the cacerts file).
It may look something like this:
Could not transfer artifact org.springframework.boot:spring-boot-starter-parent:pom:2.4.0 from/to tpvr-ibm (https://nexus-***.***.***.***:8081/nexus/content/repositories/tpvr-ibm): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The solution
- Go to the URL in your browser:
  - Firefox – click on the HTTPS certificate chain (the lock icon right next to the URL address). Click "more info" > "security" > "show certificate" > "details" > "export..". Pick a name and choose the file type, e.g. example.cer
  - Chrome – click on the site icon to the left of the address in the address bar, select “Certificate” -> “Details” -> “Export” and save in the format “Der-encoded binary, single certificate”.
- Now you have a file with the certificate, and you have to add it to your JVM's keystore. Determine the location of the cacerts file:
  - Windows:
    C:\Program Files (x86)\Java\jre1.8.0_22\lib\security\cacerts
  - Mac:
    /Library/Java/JavaVirtualMachines/jdk1.8.0_221.jdk/Contents/Home/jre/lib/security/cacerts
- Next, import the example.cer file into cacerts on the command line:
What commands to run
Navigate to the security path:
cd /Library/Java/JavaVirtualMachines/jdk1.8.0_221.jdk/Contents/Home/jre/lib/security
Run the keytool and import the certificate file into the cacerts store:
keytool -import -alias example -keystore cacerts -file /path/to/example.cer
You will be asked for a password; the default is changeit
Restart your JVM/PC.
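Anything imported into cacerts is trusted by every application that uses that JVM's default trust store, so it helps to confirm the exported file is the certificate you expect before importing it. The script below is an added example, not part of the original post: it compares the file's SHA-256 fingerprint with a value obtained out-of-band and imports only on a match. The function names, the STOREPASS variable and the sample arguments are assumptions.

```sh
#!/bin/sh
# Added example: import a certificate into cacerts only if its SHA-256
# fingerprint matches a value obtained out-of-band (e.g. from the server owner).
# Function names and the STOREPASS variable are hypothetical.

# Normalise a fingerprint: strip colons/whitespace, upper-case the hex digits.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# Read `keytool -printcert` output on stdin, print the first SHA256 fingerprint.
# Assumes the usual "SHA256: AA:BB:..." line under "Certificate fingerprints:".
extract_sha256() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed only if the expected value is 64 hex digits and equals the actual one.
fp_matches() (
  want=$(normalize_fp "$1"); got=$(normalize_fp "$2")
  [ "${#want}" -eq 64 ] || exit 1
  case $want in *[!0-9A-F]*) exit 1 ;; esac
  [ "$want" = "$got" ]
)

# $1 = certificate file, $2 = expected fingerprint, $3 = alias, $4 = keystore
import_if_trusted() (
  pass=${STOREPASS:-changeit}
  actual=$(keytool -printcert -file "$1" | extract_sha256)
  if ! fp_matches "$2" "$actual"; then
    echo "fingerprint mismatch for $1 (got: $actual), not importing" >&2
    exit 1
  fi
  keytool -importcert -noprompt -alias "$3" -keystore "$4" \
          -storepass "$pass" -file "$1" || exit 1
  # Show the stored entry so the fingerprint can be checked once more.
  keytool -list -alias "$3" -keystore "$4" -storepass "$pass"
)

# Runs only when given all four arguments, e.g.:
#   sh import-cert.sh /path/to/example.cer "<expected SHA-256>" example cacerts
if [ "$#" -eq 4 ]; then
  import_if_trusted "$@"
fi
```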
Keytool command reference
keytool -trustcacerts -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -importcert -alias <alias_name> -file <path_to_crt_file>
Some other things you can try
- copy a valid cacerts file from the Oracle or any other vendor's JDK into $JAVA_HOME/lib/security/
- copy a valid cacerts file from the Oracle or any other vendor's JRE into $JAVA_HOME/jre/lib/security/