How to fix PKIX struggles using cacerts

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi so today i'm going to cover pki xpath building failed exception here i'm doing a http get to this url and i get this error this normally happens when the root ca is not part of the jre lib security ca certs file which is provided by jdk by default now if we inspect this cert so let's do this see so see this is the it's a wildcard cert and the roots this is the root certificate authority so we can actually go to details and copy to file but this will copy the wildcard search normally website certificates which which are at the lowest level are valid for one or two years so like this one is valid till nine tenths so these expire quickly compared to these ones the roots are so if you look at roots or this is well until 2036. so the best practice is actually to use the root certificate and if there is any intermediate certificate so we will export both of them but not the website fully qualified domain name cert so like this guy so what we will do is we'll go view certificate copy to file and then let's call it bad ssl underscore ca and say finish okay so now what i'm going to do is i'm going to import this in jdk lib security so this will be j r e lib security in java 876 and the file is csrts here so i'm going to import it here and then i'll show that it works but this is not a good practice because every time jdk is upgraded you'll get a new file and you'll have to do this again instead the best practice is to do it in your own key store and then use that but i'll cover that in next video for now what we will do is i am going to import this key tool hyphen import hyphen file which is desktop so users username desktop and bad ssl and then alias where ssl underscore ca alias is required all not required it's used to use as an unique identifier so if you want to delete this you can use it otherwise key tool will generate its own and let's say keystone ca certs in jdk 11 hyphen keystore is not required it's direct hyphen csrt but i'm using this for backward compatibility just to show you if in case you're using jdk 786 but this will give me a warning that i should use hyphen c assets the default password is change it so use that and then we say yes to trusted now it was added so now what we will do is we'll run the program okay it works just to show you if we wanted to remove the certificate that we added so what we will say is key2 hyphen delete hyphen alias pad ssl underscore ca from cassettes i'll get the one thing again change c-h-a-n-g change it so now if i run this again i'll get the error because the cert is now no longer in the csrts oh hope this helped

Info

Channel: Rahul Random Learnings

Views: 434

Rating: undefined out of 5

Keywords: maven, PIKX, ValidatorException, sun.security.validator.ValidatorException, sun.security.provider.certpath.SunCertPathBuilderException, unable to find valid certification path to requested target, Unable to connect to SSL, javax.net.ssl.SSLHandshakeException, PKIX path building failed, javax.net.ssl.sslhandshakeexception, java.security.cert.certificateexception, How to fix javax.net.ssl.SSLHandshakeException, java.security.cert.CertificateException, Core Java, SSL, SSL Certificate, PKIX, cacerts

Id: DVwO7GHU5hk

Channel Id: undefined

Length: 4min 44sec (284 seconds)

Published: Tue Sep 28 2021