1

I am connecting to a webservice SSL client auth, I set up the keystore by:

System.getProperties().setProperty("javax.net.ssl.keyStore", 
                                  "d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");

When calling the webservice:

GetAccountBalanceResponse resp = services.getAccountBalance(request);

I get a following error

WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is: 
    HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
    at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
    at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
    at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
    ... 2 more

The keystore containes the private certificate for the client, the certificate is valid and works fine when used in the browser. How should I fix it?

Many thanks.

Improve this question

1 Answer 1

Reset to default
3

This error occurs when the CA which signed the server cert is either not one of the well know CAs or the public certificate of the CA is not in the trust store of the client. To get around this you will have to add the public certificate of the CA to the trust store of the client.

See unable to find valid certification path to requested target and No more 'unable to find valid certification path to requested target' for detailed instructions.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.