Getting SSL Handshake exception. PKIX path building failed: unable to find valid certification path to requested target

[samwal]

Hello,

String quandlCode = "WWDI/USA_NY_GDP_MKTP_CD";
ClassicQuandlSession session = ClassicQuandlSession.create();
MetaDataResult metaData = session.getMetaData(MetaDataRequest.of(quandlCode));
logger.info(metaData.toPrettyPrintedString());
TabularResult tabularResult = session.getDataSet(DataSetRequest.Builder.of(quandlCode).build());
logger.info(tabularResult.toPrettyPrintedString());

I am getting the following error while making above calls. I have already added the necessary certificates to my jdk/jre keystore but no luck.

openssl s_client -connect quandl.com:443>public.crt (copy content including begin and end certificate lines) C:\Program Files\Java\jdk1.8.0_141\bin>keytool -import -alias quandl.com -keystore ../jre/lib/security/cacerts -file public.crt (if prompted for a passport type: changeit) keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

and here is the exception that is getting thrown from the java app. ............ Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_141] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_141] at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_141] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_141] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_141] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_141] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_141] ... 43 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_141] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_141] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_141] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[na:1.8.0_141] ... 49 common frames omitted

[samwal]

Hello, Just wanted to know if you have any insight into the issue I am running into for PKIX. Any help is greatly appreciated.

[jimmoores]

Hi,

Sorry, for whatever reason I missed the notification of your issue. I'll look into it.

Their certificate just renewed on 2/11/17 so they must have used some cheap SSL cert authority that isn't in the Java 8 cert store by default. What you're trying to do looks like it should be the solution but clearly that's not working for you.

I'll get back to you shortly.

Jim

[jimmoores]

Oh, I think I see an issue with your command to pull the certificate

[jimmoores]

Try changing references to quandl.com to www.quandl.com

[jimmoores]

In all your commands. For some reason they bought the certificate on www and have a redirect and I recall from an issue a couple of years back that jersey client didn't like redirected Https certs.

[jimmoores]

Any luck with my suggestions?