Error: unable to find valid certification path to requested target

Discussion:

Jeanna Geier

2006-09-06 16:20:00 UTC

Hi I'm having some problems connecting to a Slide client and would appreciate any help you could offer. I'm a newbie here, so please bear with me.

keytool -genkey -alias tomcat -keyalg RSA

and entered info for certificate - name on certificate: localhost

keytool -import -alias root -keystore .keystore -trustcacerts -file CA_Certificate.cert
keytool -import -alias tomcat -keystore .keystore -trustcacerts -file CA_Certificate.cert
keytool -export -alias tomcat -file server.crt
keytool -import -alias root -file server.crt -keystore C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
keytool -import -alias tomcat -file server.crt -keystore C:\Java\jdk1.5.0_06\jre\lib\security\cacerts

-------------------------------------------------------------------------
When I open Internet Explorer and log in: "https://localhost/slide", I get the certificate (as expected) and when I click <yes> I am able to log into Slide.

When I attempt to log in using the Slide client, I run into problems.

C:\jakarta-slide-webdavclient-bin-2.1\bin>run.bat
[ Slide ] $ open https://localhost/slide/
connect https://localhost/slide/
Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ Slide ] $

Any ideas? Most everywhere I looked suggested adding the certificate to the Java security store, which I've done, or verify that the name on the certificate is "localhost" (which it is) to fix the problem.... I've been working on this for almost a week with no luck, so any help you could give would be greatly appreciated!!
-Jeanna

Bill Barker

2006-09-07 05:44:47 UTC

Permalink

You need to import the top level cert into cacerts with -trustcacerts.
Otherwise it is untrusted.

"Jeanna Geier" <***@apt-cafm.com> wrote in message news:008601c6d1d0$4dcf1ea0$***@geier...
Hi I'm having some problems connecting to a Slide client and would
appreciate any help you could offer. I'm a newbie here, so please bear with
me.

keytool -genkey -alias tomcat -keyalg RSA

and entered info for certificate - name on certificate: localhost

keytool -import -alias root -keystore .keystore -trustcacerts -file CA_Certificate.cert
keytool -import -alias tomcat -keystore .keystore -trustcacerts -file CA_Certificate.cert
keytool -export -alias tomcat -file server.crt
keytool -import -alias root -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
keytool -import -alias tomcat -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts

-------------------------------------------------------------------------
When I open Internet Explorer and log in: "https://localhost/slide", I get
the certificate (as expected) and when I click <yes> I am able to log into
Slide.

When I attempt to log in using the Slide client, I run into problems.

C:\jakarta-slide-webdavclient-bin-2.1\bin>run.bat
[ Slide ] $ open https://localhost/slide/
connect https://localhost/slide/
Error: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
[ Slide ] $

Any ideas? Most everywhere I looked suggested adding the certificate to the
Java security store, which I've done, or verify that the name on the
certificate is "localhost" (which it is) to fix the problem.... I've been
working on this for almost a week with no luck, so any help you could give
would be greatly appreciated!!
-Jeanna

---------------------------------------------------------------------
To start a new topic, e-mail: ***@tomcat.apache.org
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org

Jeanna Geier

2006-09-07 13:10:08 UTC

Permalink

Thanks for the reply!

Could you please tell me what the 'top level cert' is? Isn't that what I
did when I did the following?:

keytool -import -alias root -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts

and

keytool -import -alias tomcat -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts

I apologize if these questions sound remedial, but I'm new to this.

Thanks again for your help, it is greatly appreciated!
-Jeanna

----- Original Message -----
From: "Bill Barker" <***@wilshire.com>
To: <***@tomcat.apache.org>
Sent: Thursday, September 07, 2006 12:44 AM
Subject: Re: Error: unable to find valid certification path to requested
target

Post by Bill Barker
You need to import the top level cert into cacerts with -trustcacerts.
Otherwise it is untrusted.
Hi I'm having some problems connecting to a Slide client and would
appreciate any help you could offer. I'm a newbie here, so please bear
with me.

keytool -genkey -alias tomcat -keyalg RSA

and entered info for certificate - name on certificate: localhost

keytool -import -alias root -keystore .keystore -trustcacerts -file CA_Certificate.cert
keytool -import -alias tomcat -keystore .keystore -trustcacerts -file CA_Certificate.cert
keytool -export -alias tomcat -file server.crt
keytool -import -alias root -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
keytool -import -alias tomcat -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts

-------------------------------------------------------------------------
When I open Internet Explorer and log in: "https://localhost/slide", I get
the certificate (as expected) and when I click <yes> I am able to log into
Slide.
When I attempt to log in using the Slide client, I run into problems.
C:\jakarta-slide-webdavclient-bin-2.1\bin>run.bat
[ Slide ] $ open https://localhost/slide/
connect https://localhost/slide/
Error: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
[ Slide ] $
Any ideas? Most everywhere I looked suggested adding the certificate to
the Java security store, which I've done, or verify that the name on the
certificate is "localhost" (which it is) to fix the problem.... I've been
working on this for almost a week with no luck, so any help you could give
would be greatly appreciated!!
-Jeanna
---------------------------------------------------------------------

---------------------------------------------------------------------
To start a new topic, e-mail: ***@tomcat.apache.org
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org