That error always means that the truststore your client is using doesn't have a certificate that can authenticate the certificate the remote server is presenting.
Here are some things that could cause that to happen: 1. An appropriate cert isn't in the truststore. 2. A cert that would be valid is in the truststore, but there's something wrong with it (it's expired, revoked, doesn't list the hostname or IP in the subjectAlternateNames, etc.). I'm not sure that this wouldn't give a more specific exception, but it's worth checking. 3. Your truststore has a valid cert, but your client isn't actually using it (even if you think it is). 4. Your server's cert isn't what you think it is (or the server isn't using it), so your truststore doesn't actually validate it. I'd suggest that you first confirm that your truststore really does validate your server cert using some other method. There may be tools out there that do exactly that for you, and I suggest you Google to try to find one, but if not you could always put an image in a web or app server that's configured to use your server cert and then write a simple piece of code to download the image using the truststore. That would check #1 and #2. Then to check #4, use a browser to hit your HTTPS endpoint and inspect the cert the server presents to make sure it's the one you expect. If none of those reveal anything wrong, #3 is your problem, in which case you need to confirm that you're properly passing all necessary arguments to the JVM. And remember that capitalization matters for JVM arguments. Tim On Feb 24, 2017 7:02 AM, "shenrj" <[email protected]> wrote: > I was customizing BrokerPlugin, but there was an error when I was using > org.apache.commons.httpclient.HttpClient to access the HTTPS site: > > = = = = = > > Javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > > = = = = = > > Can someone help me > > > > -- > View this message in context: http://activemq.2283324.n4.nab > ble.com/Javax-net-ssl-SSLHandshakeException-tp4722408.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. >
