sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The problem is that my SSL certificate on my LDAP server is self-signed and my client (the one running the LdapLoginModule) cannot trust it.
To solve this problem, download the certificate (I used Firefox, but Internet Explorer could probably also be used):
- Surf to https://myserver:myport/
- Press "I understand the risks" (or something like that, I'm using a Swedish Firefox)
- Press "Add an exception"
- Press "Get certificate"
- Press "Show"
- Press "Details"
- Press "Export"
- Save it to disk somewhere, for example as "mysslcertificate.cer".
Then import the certificate into a keystore with keytool:
keytool -import -file mysslcertificate.cer -keystore mykeystore
The certificate is stored in the keystore named mykeystore in the current directory (the keystore is created if it does not exist).
When launching the Java application, set the VM parameter javax.net.ssl.trustStore to point at that keystore. For example:
java -Djavax.net.ssl.trustStore=mykeystore MyJavaProgram
Note: The keytool command demands that a password is set for the keystore. But the password is not required to read the certificates in the keystore (probably because certificates are considered public).
The following blog post gave me the initial help on how to do this: http://blogs.sun.com/andreas/entry/no_more_unable_to_find
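Because the browser export saves whatever certificate the server presented, it is worth confirming what the keystore now trusts. The following is an added example, not code from the original post: it lists each trusted certificate in a keystore with its SHA-256 fingerprint so that it can be compared with the fingerprint obtained from the LDAP server's administrator. The class name TrustStoreCheck and the --password switch are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not from the original post): lists what a trust store trusts.
public class TrustStoreCheck {

    // Colon-separated SHA-256 fingerprint of the DER-encoded certificate.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TrustStoreCheck <keystore> [--password]");
            System.exit(2);
        }
        // JKS: a null password still loads the entries but skips the integrity check.
        // PKCS12: password-encrypted certificates are not readable without it.
        boolean prompt = args.length > 1 && System.console() != null;
        char[] password = prompt ? System.console().readPassword("Keystore password: ") : null;
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        }
        int trusted = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isCertificateEntry(alias)) continue; // not a trust anchor
            X509Certificate cert = (X509Certificate) store.getCertificate(alias);
            System.out.println(alias + "  " + cert.getSubjectX500Principal().getName());
            System.out.println("  expires: " + cert.getNotAfter());
            System.out.println("  sha-256: " + sha256Fingerprint(cert));
            trusted++;
        }
        if (trusted == 0) {
            System.err.println("no trusted certificates read; retry with --password");
            System.exit(1);
        }
    }
}
```

Run it as "java TrustStoreCheck mykeystore" after the import; supplying the password additionally has the keystore's integrity verified when it is loaded.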