ORVE WS PROBLEMS FROM JAVA 13

0. Introduction

Some days after installing Java 13, the ORVE WS client did not work!

The error was:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

1.Why?



The server ssweb.minhap.es has a certificate whose CA root is GeoTrust TSL RSA CA G1.

This certificate is not in Java 13 "cacerts", although it is in Java 1.8 "cacerts". That's why Apache "cxf" rejects creating a client to this service as it does not rely on the server.



2. Solving the problem



1. Download the CA certificate from Geotrust and add it to the java cert store. You can do it for instance :

keytool -import -trustcacerts -alias geotrustorve -keystore /usr/lib/jvm/jdk-13.0.1/lib/security/cacerts -file /home/dowload/GeoTrust_TLS_RSA_CA_G1.crt

where:

geotrustorve is the alias 

/usr/lib/jvm/jdk-13.0.1/lib/security/cacerts is the location of the certificate store of java 13 in my computer. It can vary in yours.

/home/download/GeoTrust_TLS_RSA_CA_G1.crt is the certificate from the CA.

If these steps do not solve the problem, you should include also the certificate from ssweb.minhap.es


3. Getting the certificate from sweb.minhap.es

1. Open chrome with this url 
2. Click on this icon 
3.Click on:





And you can see information about the certificate 



and export it



Save it with extension "pem" for instance "minhap.pem".

Now use the keytool utility for importing it

keytool -import -trustcacerts -alias minhap -keystore /usr/lib/jvm/jdk-13.0.1/lib/security/cacerts -file /home/dowload/minhap.pem

Comments

Popular posts from this blog

ORVE WS (Dynamic) (4) Jackson XML mapper

ENI (1) ENI Document OR the Spanish Electronic Administration Mafia

ORVE WS (Dynamic) (12) Defiining the control tables