The error unable to find valid certification path to requested target usually occurs in Java applications when the server’s SSL certificate cannot be validated by the client.
This is simply an SSL error, when your application or server tries to establish an SSL/TLS connection, but certificate is not trusted by the system’s keystore (a storage for trusted certificates), the connection is rejected, leading to the error.
Table of Contents
Below is a snippet of the log messages the developer is shown while encountering this error.
caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:sun.securi5 Ways to Fix Unable to Find Valid Certification Path to Requested Target
I’m gonna share some quick fixes that mostly gets this issue of Unable to Find Valid Certification Path to Requested Target resolved. Without any further due lets get straight to our solution #1
1. Check the SSL Certificate
You can use any online SSL Certificate Checker tool or OpenSSL to verify if the SSL is valid and configured properly. If you wanna do it with OpenSSL just paste this command.
bash
openssl s_client -connect <server>:<port> -showcerts
That’s the first step.
2. Add the Missing Certificate
Now since this error is purely an SSL Complaint, what you can do to fix this is add the missing SSL certificate in the Java Truststore which is also known as cacerts
You can use this following command to convert the cerificate to DER format if not already.
bash command:
openssl x509 -outform der -in certificate.pem -out certificate.der
Import the certificate into Java-Truststore by using this bash command
keytool -import -alias <alias> -keystore $JAVA_HOME/lib/security/cacerts -file certificate.der
The default password for the cacerts truststore is changeit.
Create your Custom Truststore
Now if you dont wanna modify the cacerts you can use your custom trustone and configure it in your application.
Create a new truststore using the following bash command:
keytool -import -alias <alias> -keystore mytruststore.jks -file certificate.der
Configure your Java application to use the custom truststore by setting the following system properties:
-Djavax.net.ssl.trustStore=/path/to/mytruststore.jks
-Djavax.net.ssl.trustStorePassword=<password>
4. Self Signed SSL
If you’re working with self-signed certificates what you’ll need to do is ti explicitly add the certificate to your truststore, just like we did above.
keytool -import -alias "selfSignedCert" -file self-signed-cert.pem -keystore cacerts
Be sure to use the appropriate file path for your certificate and truststore.
5. Disable SSL
Though its not recommended if your application contains sensitive information, but if you wanted to debug the issue temporary or there isn’t anything that you should be worried about you can disable it.
In Java, you can create a custom TrustManager that trusts all certificates.
Update Java Version
Now this is also a solution, you might be getting this problem because you will be using an older Java Version, so you can try switching to the new version and it can get the issue resolved.
Most Common Causes
The “unable to find valid certification path to requested target” error can arise due to several common causes and we discussed 5 solutions to fix it.
One of the biggest reason is the missing or invalid of the SSL certificate, when an intermediate or root certificate isnt included in the certificate chain.
This can happen when the server you’re connecting to uses a certificate issued by a Certificate Authority (CA) which isnt trusted by your Java environment.
Another cause is the use of self-signed certificates, which Java doesn’t trust by default unless explicitly added to the truststore.
Additionally, expired or revoked certificates in the chain can invalidate the connection, triggering the error.
Finally, improper configuration of the truststore or keystore, such as missing certificates or incorrect paths, can also lead to this issue.
These factors combine to prevent Java from establishing a secure, trusted connection.
If you issue didn’t get solved, you can share with us and we’ll try to get it resolved also you can read our recent publication on HTTP Error 500.30 ASP.Net Core App Failed to Start.
