PKIX path building failed
Ian Bailey
server, I am getting errors the first time I use a typica method call.
I understand that there is something wrong with certificates or the
keystore, but I have been unable to find a fix. Any help would be
appreciate it.
This is under Sun's Java 64-Bit Server VM, build 1.5.0_06, called from
inside JBoss 4.0.5.GA.
Here's the stack trace:
com.xerox.amazonws.ec2.EC2Exception:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPath
BuilderException: unable to find valid certification path to requested
target
at com.xerox.amazonws.ec2.Jec2.describeImages(Jec2.java:341)
at com.xerox.amazonws.ec2.Jec2.describeImages(Jec2.java:247)
at my.code.MyServlet.doWork(MyServlet.java:50)
at my.code.MyServlet.doPost(MyServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:
717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:
810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:
96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
178)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:
175)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:
74)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
105)
at
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:
156)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
869)
at org.apache.coyote.http11.Http11BaseProtocol
$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:
664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:
527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:
112)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.
SunCertPathBuilderException: unable to find valid certification path
to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1476)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
847)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:
106)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:
495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:
433)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
815)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1025)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1038)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:
402)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:
170)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:
913)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:
234)
at com.xerox.amazonws.ec2.Jec2.describeImages(Jec2.java:306)
... 25 more
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable t
o find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:
145)
at sun.security.validator.Validator.validate(Validator.java:
203)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:
172)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:
320)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
840)
... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:
236)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 41 more
Ian Bailey
AWS certificate fixed the problem:
-Djavax.net.ssl.keyStore=/path/to/my_aws.keystore
I guess while installing the ec2 tools on my system I set this up
somehow implicitly.