I'm trying to get tweets using the twitter4j library for my Java project. On my first run I got an error about certificate sun.security.validator.ValidatorException and sun.security.provider.certpath.SunCertPathBuilderException. Then I added the Twitter certificate by:
C:\Program Files\Java\jdk1.7.0_45\jre\lib\security>keytool -importcert -trustcacerts -file PathToCert -alias ca_alias -keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"
But without success. Here is the procedure to get twitters:
import java.util.List;
import twitter4j.Query;
import twitter4j.QueryResult;
import twitter4j.Status;
import twitter4j.Twitter;
import twitter4j.TwitterException;
import twitter4j.TwitterFactory;
import twitter4j.conf.ConfigurationBuilder;

public class TweetsAnalyzer {
    public static void main(String[] args) throws TwitterException {
        // OAuth credentials (placeholder values)
        ConfigurationBuilder cb = new ConfigurationBuilder();
        cb.setDebugEnabled(true)
          .setOAuthConsumerKey("myConsumerKey")
          .setOAuthConsumerSecret("myConsumerSecret")
          .setOAuthAccessToken("myAccessToken")
          .setOAuthAccessTokenSecret("myAccessTokenSecret");
        TwitterFactory tf = new TwitterFactory(cb.build());
        Twitter twitter = tf.getInstance();
        try {
            // The HTTPS request is made by search(); the TLS handshake fails here
            Query query = new Query("iphone");
            QueryResult result;
            result = twitter.search(query);
            System.out.println("Total amount of tweets: " + result.getTweets().size());
            List<Status> tweets = result.getTweets();
            for (Status tweet : tweets) {
                System.out.println("@" + tweet.getUser().getScreenName() + " : " + tweet.getText());
            }
        } catch (TwitterException te) {
            te.printStackTrace();
            System.out.println("Failed to search tweets: " + te.getMessage());
        }
    }
}
And here is the error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
http://www.google.co.jp/search?q=d35baff5 or
http://www.google.co.jp/search?q=1446302e
TwitterException{exceptionCode=[d35baff5-1446302e 43208640-747fd158 43208640-747fd158 43208640-747fd158], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.5}
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177)
at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:81)
at twitter4j.TwitterImpl.get(TwitterImpl.java:1929)
at twitter4j.TwitterImpl.search(TwitterImpl.java:306)
at jku.cc.servlets.TweetsAnalyzer.main(TweetsAnalyzer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at twitter4j.internal.http.HttpResponseImpl.<init>(HttpResponseImpl.java:34)
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:141)
... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 26 more
Failed to search tweets: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I had a slightly different situation, when both JDK and JRE 1.8.0_112 were present on my system.
I imported the new CA certificates into [JDK_FOLDER]\jre\lib\security\cacerts using the already known command:
Still, I kept getting the same PKIX path building failed error.
I added debug information to the java CLI, by using java -Djavax.net.debug=all ... > debug.log. In the debug.log file, the line that begins with trustStore is: actually pointed to the cacerts store found in [JRE_FOLDER]\lib\security\cacerts.
In my case the solution was to copy the cacerts file used by JDK (which had the new CAs added) over the one used by the JRE and that fixed the issue.
This isn't a Twitter-specific answer, but this is the question that comes up when you search for this error. If your system is receiving this error when connecting to a website that appears to have a valid certificate when viewed in a web browser, that probably means that website has an incomplete certificate chain.
For a brief summary of the problem: Certificate Authorities don't use their Root Certificate to sign just any old certificate. Instead, they (usually) sign intermediate certificates that also have the Certificate Authority flag set (that is, are allowed to sign certificates). Then when you purchase a certificate from a CA, they sign your CSR with one of these intermediate certificates.
Your Java trust store most likely only has the Root Cert, not the intermediate ones.
A misconfigured site might return just their signed cert. Problem: it was signed with an intermediate cert that's not in your trust store. Browsers will handle this problem by downloading or using a cached intermediate certificate; this maximizes website compatibility. Java and tools like OpenSSL, however, won't. And that will cause the error in the question.
You can verify this suspicion by using the Qualys SSL Test. If you run that against a site and it says
then that confirms it. You can also see this by looking at the certification paths and seeing the text Extra Download.
How to fix it: the server administrator needs to configure the web server to return the intermediate certificates as well. For Comodo, for example, this is where the .ca-bundle file comes in handy. For example, in an Apache configuration with mod_ssl, you'd use the SSLCertificateChainFile configuration setting. For nginx, you need to concatenate the intermediate certificates and the signed certificate and use that in the SSL cert configuration. You can find more by searching for "incomplete certificate chain" online.
1. Check the certificate
Try to load the target URL in a browser and view the site's certificate (usually it's accessible via the icon with the lock sign, on the left or right side of the browser's address bar) to see whether it's expired or untrusted for some other reason.
2. Install latest versions of JRE and JDK
New versions usually come with the updated set of the trusted certificates.
Also if it's possible, uninstall old versions. This will make misconfiguration errors explicit.
3. Check your configuration:
4. Copy whole keystore from the new Java version
If you develop under a JDK other than the latest available, try to replace the %JAVA_HOME%/jre/lib/security/cacerts file with the new one from the latest installed JRE (make a backup copy first), as @jeremy-goodell suggests in his answer.
5. Add certificate(s) to your keystore
If nothing above solves your problem, use keytool to save certificate(s) to Java's keystore:
The file with the certificate can be obtained from the browser, as @MagGGG suggests in his answer.
Note 1: you may need to repeat this for every certificate in the chain to your site's certificate. Start from the root one.
Note 2: <alias_name> should be unique among the keys in the store or keytool will show an error.
To get a list of all the certificates in the store you may run:
In case something goes wrong this will help you to remove a certificate from the store:
It is used to skip the certificate validation.
When you have the above error with Atlassian software, e.g. Jira, you can add certs to its trusted keystore (change missing_ca to the proper cert name):
If asked for a password, enter changeit and confirm with y.
After that simply restart Jira.
I have the same problem on Ubuntu 15.10. Please try to download the plugin locally, e.g. https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip, and install with this command:
The path may be different depending on your environment.
Regards.
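The incomplete-chain failure described in the answer above about intermediate certificates, reproduced offline with the openssl CLI (an added example, not part of any answer on this page). All certificate names and the helper functions are constructed for illustration; `-untrusted` stands in for the extra certificates a correctly configured server sends during the handshake.

```shell
#!/bin/sh
# Constructed demo PKI (all names made up): root -> intermediate -> leaf.
# Needs only the openssl CLI; nothing is fetched from the network.

# issue <dir> <name> <CN> <issuer-name> <ext-section> <serial>
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -set_serial "$6" -days 2 -extfile "$1/pki.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

make_demo_pki() {
    # The intermediate needs CA:TRUE, otherwise it may not sign the leaf.
    printf '%s\n' '[req]' 'distinguished_name=req' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' \
        '[leaf]' 'basicConstraints=CA:FALSE' > "$1/pki.cnf"
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/pki.cnf" \
        -extensions ca -subj '/CN=Demo Root CA' \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    issue "$1" int  'Demo Intermediate CA' root ca   2
    issue "$1" leaf 'demo.example'         int  leaf 3
}

# verify_leaf <dir> [extra openssl verify options]
# Returns 0 only if leaf.pem chains up to the trusted root. Certificates
# passed with -untrusted play the role of what the server sent.
verify_leaf() {
    vdir=$1; shift
    openssl verify -CAfile "$vdir/root.pem" "$@" "$vdir/leaf.pem" 2>&1 |
        grep -q ': OK$'
}

demo() {
    tmp=$(mktemp -d) && make_demo_pki "$tmp" || return 1
    # Misconfigured server: sends the leaf only. OpenSSL fails with "unable
    # to get local issuer certificate"; Java's PKIX path building fails too.
    verify_leaf "$tmp" && echo "leaf only: OK" || echo "leaf only: FAILED"
    # Fixed server: sends leaf + intermediate, so the path reaches the root.
    verify_leaf "$tmp" -untrusted "$tmp/int.pem" &&
        echo "leaf + intermediate: OK" || echo "leaf + intermediate: FAILED"
    rm -rf "$tmp"
}
demo
```

The trust store is identical in both checks; only what the server presents changes, which is why the fix belongs on the server rather than in each client's cacerts.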