search

stevespringett / nist-data-mirror

A simple Java command-line utility to mirror the CVE JSON data from NIST.
Apache License 2.0
206 stars 93 forks source link

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target #38

Closed ghost closed 4 years ago

ghost commented 4 years ago

Currently the downlod fails:

$ java -version
openjdk version "13" 2019-09-17
OpenJDK Runtime Environment AdoptOpenJDK (build 13+33)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 13+33, mixed mode, sharing)
$ java -jar nist-data-mirror-1.3.0.jar nist-mirror json
Downloading files at Mon Sep 30 09:03:50 CEST 2019
Downloading https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta
Download failed : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...

Firefox 69.0.1 has no problems accessing this and other URLs.

jnohlgard commented 4 years ago

As a workaround until nvd.nist.gov fixes their published certificate chain you can ask the java SSL library to download the intermediates by adding -Dcom.sun.security.enableAIAcaIssuers=true on the java command line.

java -Dcom.sun.security.enableAIAcaIssuers=true -jar nist-data-mirror-1.3.0.jar nist-mirror json

See also https://docs.oracle.com/javase/8/docs/technotes/guides/security/certpath/CertPathProgGuide.html#AIA

stevespringett commented 4 years ago

This was an NVD issue. Closing