Skip to content
Florian Schmaus edited this page Aug 27, 2016 · 3 revisions

Exception: unable to find valid certification path to requested target

Question: I get "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Answer: Your SSLContext is not able to build a valid trust path from the certs in the trust store to the cert presented. Your options are:

  • Find a cert which when put in the trust store establishes a valid trust chain
  • Install a end-entity certificate which has a valid trust path on the service
  • Use TLS pinning (e.g. java-pinning) on the client side
  • Use TOFU principe for trust the certificate (e.g. Memorizing Trust Manager for Android).
  • Accept all certificate (Don't do that)
  • Don't use TLS (Only in certain situations a viable option)

Please also read up on TLS and make sure to understand how it works before you try to secure connections via TLS.