How to resolve PKIX path building failed/unable to find valid certification path to requested target issue

  • September 16, 2020

While developing an application, we might come across the following error:

[ERROR] Plugin com.mulesoft.munit.tools:munit-maven-plugin:2.2.4 or one of its dependencies could not be resolved: Failed to read artifact descriptor for com.mulesoft.munit.tools:munit-maven-plugin:jar:2.2.4: Could not transfer artifact com.mulesoft.munit.tools:munit-maven-plugin:pom:2.2.4 from/to mulesoft-releases (https://repository.mulesoft.org/releases/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]


The error is due to the system firewall. The system firewall restricts the application from connecting to external unsecured systems. The firewall requires a valid certificate to allow access to the external systems.

The solution is simple. We need to install the required certificates in our system so the firewall will allow us to interact with the external system and complete our process.

We are going to perform two activities:

  • Download the certificate.
  • Install the certificate.

To download the certificate, follow these steps:

  1. Take the particular URL from the error and copy it to a browser. (In the above error the url is https://repository.mulesoft.org/releases/).
  2.  

    repository mulesoft

     

  3. To the left of the URL there is a lock icon ( ). Click on this icon and a window will pop up. From the window, select the certificate.
  4.  

    certificate pop up window

     

  5. Once we select the certificate, it will redirect to another window. From there we have to select the Details tab and from the Details click on Copy to File. After clicking again, a new window will pop up. In that window, select next.
  6.  

    Certificate

     

    Welcome to the certificate

     

  7. After we perform all the above steps, we’ll be redirected to a new window where we select the format for the certificate. We’ll have to choose DER encoded binary and click on Next.

     

    Certificate export wizard

     

  8. Now we need to choose the location where we save the certificate, and we also need to name the certificate.
  9.  

    File to export

     

    DER Encoded Binary

     

  10. Once a File name is given and saved, select Next. It will direct us to another window showing the details. If all the details are correct, click Finish. An export Success pop up will appear.

Note: I saved the File name as repo.

 

Completing the certificates

 

Successful

 

The certificates have been downloaded. The next process is to install the certificate in the cacerts file of the jdk installed in our system using the command line.

Installation of the certificate from Command line:

Command for installation: keytool -importcert -trustcacerts -alias <alias name for the certificate> -file <path were we have save the certificate> -keystore “<path for the cacerts file>” - storepass changeit

The Command will be:

keytool -importcert -trustcacerts -alias repo -file C:\Users\DELL\Desktop\repo.cer -keystore “C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts” -storepass changeit

Note:

  1. I’m using jdk1.8.0_131 so the cacerts file path for my system is “C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts”. It may be different for others based on your system and jdk version.
  2. I’ve given the alias name as repo and the path where I save my certificate is C:\Users\DELL\Desktop\repo.cer

To install the certificate follow these steps:

  • Open Command Prompt as an Administrator. And Use the common for installation and press enter.

     

    code

     

  • Once the command is executed, it will ask for confirmation. Write Yes and the certificate will be installed with confirmation.
  •  

    code

     

    Certificate added

     

In the above process, we have downloaded and installed the certificate successfully in our system.

Now if we execute the application, it won’t show certificate issues and will also download the required data from that particular system.

— By Abhishek Bathwal