ORVE WS PROBLEMS FROM JAVA 13
0. Introduction
Some days after installing Java 13, the ORVE WS client did not work!The error was:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
1.Why?
The server ssweb.minhap.es has a certificate whose CA root is GeoTrust TSL RSA CA G1.
This certificate is not in Java 13 "cacerts", although it is in Java 1.8 "cacerts". That's why Apache "cxf" rejects creating a client to this service as it does not rely on the server.
2. Solving the problem
1. Download the CA certificate from Geotrust and add it to the java cert store. You can do it for instance :
keytool -import -trustcacerts -alias geotrustorve -keystore /usr/lib/jvm/jdk-13.0.1/lib/security/cacerts -file /home/dowload/GeoTrust_TLS_RSA_CA_G1.crt
where:
geotrustorve is the alias
/usr/lib/jvm/jdk-13.0.1/lib/security/cacerts is the location of the certificate store of java 13 in my computer. It can vary in yours.
/home/download/GeoTrust_TLS_RSA_CA_G1.crt is the certificate from the CA.
If these steps do not solve the problem, you should include also the certificate from ssweb.minhap.es
3. Getting the certificate from sweb.minhap.es
1. Open chrome with this url2. Click on this icon
3.Click on:
And you can see information about the certificate
and export it
Save it with extension "pem" for instance "minhap.pem".
Now use the keytool utility for importing it
keytool -import -trustcacerts -alias minhap -keystore /usr/lib/jvm/jdk-13.0.1/lib/security/cacerts -file /home/dowload/minhap.pem
Comments
Post a Comment