CERTIFICATE_UNKNOWN error while hitting APIs through ZAP proxy


arun bhilare

Aug 30, 2021, 4:57:43 AM
to OWASP ZAP User Group
Hi There,

As part of our project, I was trying to trigger existing regression APIs (already automated using an in-house automation framework) through the ZAP proxy using the https proxy argument, but I can see the below error in the logs:

javax.net.ssl|ERROR|01|main|2021-08-30 02:58:26.551 EDT|TransportContext.java:344|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)

I am running the below commands:


START C:/OWASP/Zed_Attack_Proxy/zap.bat -daemon -config api.disablekey=true -port 8081
set root=C:/TestAutomation/zaptest/
cd %root%
dir
C:/Java/jdk-11.0.10/bin/java.exe -Djavax.net.debug=all -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8081 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8081 -jar tests.jar


Whenever I remove -Dhttps.proxyHost from the command I don't see the above issue, but the APIs are also not getting scanned.

Can you please help me to resolve this issue?

Thanks,
Arun

thc...@gmail.com

Aug 30, 2021, 5:03:52 AM
to zaprox...@googlegroups.com
Hi.

You'd have to add ZAP's Root CA cert to the keystore used by your tests.

Best regards.

On 30/08/2021 09:57, arun bhilare wrote:
> Hi There,
>
> As part of our project, I was trying to trigger existing regression
> APIs (already automated using an in-house automation framework) through the
> ZAP proxy using the https proxy argument, but I can see the below error in the logs:
>
> *javax.net.ssl|ERROR|01|main|2021-08-30 02:58:26.551
> EDT|TransportContext.java:344|Fatal (CERTIFICATE_UNKNOWN): PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target ( "throwable" : {
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target at
> java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
> at
> java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
> at java.base/sun.security.validator.Validator.validate(Validator.java:264)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)*
>
> I am running the below commands:
>
>
> START C:/OWASP/Zed_Attack_Proxy/zap.bat -daemon -config api.disablekey=true
> -port 8081
> set root=C:/TestAutomation/zaptest/
> cd %root%
> dir
> C:/Java/jdk-11.0.10/bin/java.exe -Djavax.net.debug=all
> -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8081
> -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8081 -jar tests.jar
>
>
> Whenever I remove -*Dhttps.proxyHost* from the command I don't see the above
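
One way to carry out the reply's suggestion, as an added example that is not part of the original thread or ZAP's own documentation: build a dedicated truststore (a copy of the JDK's default CAs plus ZAP's Root CA) and point only the test JVM at it, so the intercepting proxy's CA never lands in the JDK-wide `cacerts`. The certificate path, truststore path and alias are assumptions; the ZAP Root CA is assumed to have been exported from ZAP to a file beforehand, and `changeit` is the JDK's default `cacerts` password.

```batch
@echo off
rem Added example (not from the original thread).
rem Assumed paths and names; adjust to your environment.
setlocal
set "JAVA_HOME=C:\Java\jdk-11.0.10"
set "ZAP_CA=C:\TestAutomation\zaptest\zap_root_ca.cer"
set "TRUSTSTORE=C:\TestAutomation\zaptest\zap-truststore.jks"
set "STOREPASS=changeit"

rem The ZAP Root CA certificate must already have been exported to ZAP_CA.
if not exist "%ZAP_CA%" (
    echo ZAP Root CA certificate not found at %ZAP_CA%
    exit /b 1
)

rem Start from a fresh copy of the JDK's default CAs so the JDK itself is left untouched.
copy /Y "%JAVA_HOME%\lib\security\cacerts" "%TRUSTSTORE%" >nul || exit /b 1

rem Add ZAP's Root CA to the copy as a trusted certificate.
"%JAVA_HOME%\bin\keytool.exe" -importcert -noprompt -alias zap-root-ca ^
    -file "%ZAP_CA%" -keystore "%TRUSTSTORE%" -storepass %STOREPASS% || exit /b 1

rem Confirm the entry is present before running the tests.
"%JAVA_HOME%\bin\keytool.exe" -list -alias zap-root-ca ^
    -keystore "%TRUSTSTORE%" -storepass %STOREPASS% || exit /b 1

rem Same proxy settings as the original command, now with the dedicated truststore.
cd /d C:\TestAutomation\zaptest
"%JAVA_HOME%\bin\java.exe" ^
    -Djavax.net.ssl.trustStore="%TRUSTSTORE%" ^
    -Djavax.net.ssl.trustStorePassword=%STOREPASS% ^
    -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8081 ^
    -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8081 ^
    -jar tests.jar
endlocal
```

The `javax.net.ssl.trustStore` properties only take effect when the tests use the JVM's default trust configuration; a framework that builds its own `SSLContext` or trust manager has to be given the same truststore directly.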