IvanWu

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


I am trying to do an OAuth2 login with Java to connect to Salesforce. When I send the POST request to this URL: https://login.salesforce.com/services/oauth2/token

an error occurred:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Does anybody meet this problem before? Who can help me to solve this problem? Thanks a lot in advance.
Best Answer chosen by IvanWu
Nagendra (Salesforce Developers)
Hi Ivan,

When I got the error, I tried to Google the meaning of the expression and I found that this issue occurs when a server changes its HTTPS SSL certificate, and our older version of Java doesn't recognize the root certificate authority (CA).

• If you can access the HTTPS URL in your browser, then it is possible to update Java to recognize the root CA.

• In your browser, go to the HTTPS URL that Java could not access. Click on the HTTPS certificate chain (there is a lock icon in Internet Explorer); click on the lock to view the certificate.

• Go to “Details” of the certificate and “Copy to file”. Copy it in Base64 (.cer) format. It will be saved on your Desktop.

• Install the certificate ignoring all the alerts.

• This is how I gathered the certificate information of the URL that I was trying to access.

Now I had to make my Java version know about the certificate so that it doesn't refuse to recognize the URL in the future. In this respect I must mention that I googled and found that the root certificate information stays by default in the JDK's \jre\lib\security location, and the default password to access it is: changeit.

To view the cacerts information, follow these steps:
• Click on Start Button-->Run
• Type cmd. The command prompt opens (you may need to open it as administrator).
• Go to your Java/jreX/bin directory
• Type the following
keytool -list -keystore D:\Java\jdk1.5.0_12\jre\lib\security\cacerts
It gives the list of the current certificates contained within the keystore. It looks something like this:
C:\Documents and Settings\NeelanjanaG>keytool -list -keystore D:\Java\jdk1.5.0_12\jre\lib\security\cacerts
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 44 entries

verisignclass3g2ca, Mar 26, 2004, trustedCertEntry,
Certificate fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
entrustclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5): 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
thawtepersonalbasicca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
addtrustclass1ca, May 1, 2006, trustedCertEntry,
Certificate fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
verisignclass2g3ca, Mar 26, 2004, trustedCertEntry,
Certificate fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
Now I had to include the previously installed certificate into the cacerts.

• For this, the following is the procedure:
keytool -import -noprompt -trustcacerts -alias ALIASNAME -file FILENAME_OF_THE_INSTALLED_CERTIFICATE -keystore PATH_TO_CACERTS_FILE -storepass PASSWORD
If you are using Java 7:
keytool -importcert -trustcacerts -alias ALIASNAME -file PATH_TO_FILENAME_OF_THE_INSTALLED_CERTIFICATE -keystore PATH_TO_CACERTS_FILE -storepass changeit
It will then add the certificate information into the cacerts file.

This is the solution I found for the exception mentioned above!

Hope this helps.

Thanks,
Nagendra
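As an added diagnostic (not code from Nagendra's answer, nor from Salesforce), the following Java program runs the same PKIX path building that produced the exception above, against the certificate exported from the browser and a chosen cacerts file, and on failure names the issuer whose CA certificate the truststore lacks. The class name PkixPathCheck, the argument layout and the "changeit" default are assumptions; it needs only the JDK.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;
// Usage: java PkixPathCheck exported.cer <path-to-cacerts> [storepass]
public class PkixPathCheck {
    // Loads cacerts; the stock password is "changeit" unless it was changed.
    static KeyStore loadTrustStore(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass.toCharArray()); }
        return ks;
    }
    // Reads every certificate in the file (a Base64 .cer may hold the whole chain).
    static List<X509Certificate> readCerts(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : cf.generateCertificates(in)) out.add((X509Certificate) c);
        }
        return out;
    }
    // Builds a path from the leaf to a trust anchor in the keystore, as the
    // validator does right before it throws SunCertPathBuilderException.
    static String check(List<X509Certificate> chain, KeyStore trust) throws Exception {
        X509CertSelector leaf = new X509CertSelector();
        leaf.setCertificate(chain.get(0));
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, leaf);
        // Intermediates present in the exported file may serve as path elements.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(chain)));
        params.setRevocationEnabled(false); // path building only; no OCSP/CRL here
        try {
            PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX").build(params);
            return "OK: anchored at " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal();
        } catch (CertPathBuilderException e) {
            // Same root cause as the forum error. Import the CA named here (the
            // root, not the leaf): a pinned leaf breaks again when the server rotates it.
            X509Certificate top = chain.get(chain.size() - 1);
            return "FAILED: " + e.getMessage() + " -- no trusted CA for issuer " + top.getIssuerX500Principal();
        }
    }
    public static void main(String[] args) throws Exception {
        String pass = args.length > 2 ? args[2] : "changeit";
        System.out.println(check(readCerts(args[0]), loadTrustStore(args[1], pass)));
    }
}
```

Run it against the cacerts the JVM actually uses (the one under the JRE that launches the application, or the file named by javax.net.ssl.trustStore), since importing into a different JDK's cacerts leaves the error in place even though keytool -list shows the entry.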



 

All Answers

IvanWu
I am sorry for my late reply. Thank you for your quick answer, that's helpful, really appreciate it.
Rajesh Ojha
Hi All,

We are using outbound messages (using a Workflow Rule) and there is no certificate used in Salesforce for this purpose. Now, we are getting the following error when sending an outbound message in Sandbox.
javax.net.ssl.SSLPeerUnverifiedException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.pro

Eventually there is a change in the company's web services (SOAP/API) environment for improved security:
Certificates will be updated (attached is GeoTrust root and intermediate cert if needed)
Deactivate SSLv3 and TLS 1.0 due to known vulnerabilities
Virtual IP addresses of the URL will be updated – note URLs will not be changed (please advise if need specific IPs for possible network whitelist)

Salesforce org is compatible with TLS 1.2, so ruling out the 2nd reason.

Not sure if we need to upload the certificate in the Salesforce org now or the change has to be made at the other end where the message is getting submitted?

Thanks,
Rajesh
 
Manish Pathak
A very well written answer Nagendra. The trick worked for me and I once and for all understood the role of keystore commands to access it and import certificates from the server location where handshaking could be an issue. Awesome explanation! Thank you.
Anand H 14
Hello Nagendra,
The post is really helpful. I followed all the steps and resolved the issue. Thank you.
I did the above mentioned steps on my local machine and I am using a WLS server, Windows 10. The first time it worked when I restarted my system; now it is not working. When I list the certificate I am able to see it, but I am still getting the same error. Please can you help. Let me know how to debug the error, because I already installed the certificate into the keystore and still I am getting the error, which means the server is looking somewhere else.