You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm having problems to add a custom certificate to Java Cacerts. It works at image amazoncorretto:21.0.2-al2023-headless, but throws exception at image amazoncorretto:21. I'm using keytool to import the certificate. Is the any difference between the two images related to keytool and cacert management ?
amazoncorreto:21
sijurel | javax.net.ssl|ERROR|A2|http-nio-7070-exec-1|2024-02-20 15:18:47.664 BRT|TransportContext.java:370|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
sijurel | "throwable" : {
sijurel | sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sijurel | at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
The images contain a different set of certificates in the keystore. The amazoncorretto:21 has all of the certificates from Amazon Linux 2 as well as those from upstream OpenJDK, amazoncorretto:21.0.2-al2023-headless only contains the certificates from Amazon Linux 2023. The error seems to say that some intermediate certificates in the chain are missing and those should be added before adding this certificate that is failing.
I'm having problems to add a custom certificate to Java Cacerts. It works at image amazoncorretto:21.0.2-al2023-headless, but throws exception at image amazoncorretto:21. I'm using keytool to import the certificate. Is the any difference between the two images related to keytool and cacert management ?
amazoncorreto:21
sijurel | javax.net.ssl|ERROR|A2|http-nio-7070-exec-1|2024-02-20 15:18:47.664 BRT|TransportContext.java:370|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
sijurel | "throwable" : {
sijurel | sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sijurel | at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
amazoncorretto:21.0.2-al2023-headless
sijurel | 14:10:29 DEBUG - jdk.event.security : ValidationChain: 3822549688, 2605480992
sijurel | 14:10:29 DEBUG - jdk.event.security : X509Certificate: Alg:SHA1withRSA, Serial:ce7e0e517d846fe8fe560fc1bf03039, Subject:CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Issuer:CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Key type:RSA, Length:2048, Cert Id:3434562768, Valid from:11/9/06, 9:00 PM, Valid until:11/9/31, 9:00 PM
.....
The text was updated successfully, but these errors were encountered: