- Make sure of your JVM location. There can be half a dozen JREs onyour system. Which one is your Tomcat really using? Anywhere insidecode running in your Tomcat, writeprintln(System.getProperty("java.home")). Note this location. In<java.home>/lib/security/cacerts file are the certificates used byyour Tomcat.
- Find the root certificate that is failing. This can befound by turning on SSL debug using -Djavax.net.debug=all. Run yourapp and note from console ssl logs the CA that is failing. Its urlwill be available. In my case I was surprised to find that a proxy zscaler was the one which was failing, as it was actually proxying my calls, and returning its own CA certificate.
- Paste url in browser. Certificate will getdownloaded.
- Import this certificate into cacerts using keytool import.
↧
Answer by Apurva Singh for Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
↧
