Troubleshoot Java with self-signed certificates

troubleshooting
java
ssl

#1

Problem

You try to access SSL secured services using self-signed certificates with a Java application. You can’t access the service and you get an exception:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested 
.
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.
.
-

Diagnosis

To diagnose if your certificate is correctly stored in a trust store file, you can use SSLPoke to test if a connection with your custom trust store can be established.

Step 1: Download the SSLPoke executable jar file

wget https://github.com/opennms-forge/SSLPoke/releases/download/1.0/SSLPoke-1.0.jar

Step 2: Run the command and test if you can establish a connection

java -Djavax.net.debug=ssl  \
       -Djavax.net.ssl.trustStore=<path/to/your/trust-store.jks> \
       -jar SSLPoke-1.0.jar \
       <host-or-ip> <port>

#2

I am trying this as I am getting a PKIX error, but I get the following response when I try the command:
Usage: sk.mhecko.ssl.SSLPoke <host> <port>


#3

Can you try to change the order of the arguments? I think the -jar <host-or-ip> <port> should be the last arguments. If that works we should fix the run command in Step 2.


#4

That was it. I updated the original post to match.
Thanks.


#5

Thank you very much :ok_hand: