On 2/12/16 5:53 PM, Matt Chambers wrote: > I’m not sure if I’m daft or just missing something super obvious, but I’m > trying to setup HttpClient to connect to a Spring Boot server using a self > signed cert, pretty much all day. Works fine via Chome, Python’s ‘requests’ > module, and Objective-C but no matter what I do, this exception haunts me. > > java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target >
If you are using Oracle JDK: In the most recent versions of Java, Oracle has by default disallowed PKIX trust of certificates signed with MD5 algorithms. So check your cert's signature algorithm. If it's MD5, either generate a new cert with SHA1, SHA256, etc, or change the property which controls this in jre/lib/security/java.security: jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 Remove MD5 from the list.