PKIX path building failed

[mallikarjundontamsetti]

Am getting following error while Could you please help on this.

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105) at microsoft.exchange.webservices.data.EwsX509TrustManager.checkServerTrusted(EwsX509TrustManager.java:62) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:865) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)

[sunnypav]

Have you imported the certificate into java keystore ?

[mallikarjundontamsetti]

yes get the certificate from Firefox browser by accessing (https://example...../EWS/...) and using keytools added certificate to keystore and cacerts under file inside JDK-jre-lib-security. refering keystore path in my program using "System.setProperty("javax.net.ssl.keyStore", "C:\Users\mallikarjun_d.keystore"); " Still it is givig same error

[sunnypav]

JSSE looks for certificates in trust store not in keystore set up the property javax.net.ssl.trustStore as well.

[MikeN123]

Or just add the certificate to your cacerts keystore, in $JRE_HOME/lib/security.

[sudeeppatil]

I get this error- Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at microsoft.exchange.webservices.data.EwsX509TrustManager.checkServerTrusted(Unknown Source) ... 44 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 50 more

How to address this issue? What if I am working with multiple exchange servers. I need to add them all? Please help. I wrote a quick dot net app using EWS and don't see this issue.

[sudeeppatil]

I am not able to get it working for some of the exchange versions due to the above error. Any solution?

[serious6]

have you checked this one on stackoverflow?

[sudeeppatil]

Thanks. But the post suggests to download the certificate and set path. But i need to support multiple exchange account(multiple customers). Is there is better way to handle it or fix the issue in the API. As I said, it works fine when i use the EWS managed APIs.

[dotCipher]

:+1: It would potentially be really slick if we could build and pass in our own EwsSSLProtocolSocketFactory into the ExchangeService. This would allow one to not need to install the cert onto the local machine's cacerts and instead package a specific truststore that could be passed in a limited scope to the ExchangeService, thus averting the need to set the jvm system properties as well.

[ggeorgovassilis]

+1 on specifying custom connection providers. Importing certificates in the global JVM keystore isn't always possible, e.g. I don't control the JVM or application server the application is running on or the application runs in a managed environment like cloud foundry.