I have the following problem – when I try to use google sheets api to fulfill my google document from a Spring application, i get the following error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[na:na] at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[na:na] at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[na:na] at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) ~[na:na] at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) ~[na:na] at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1500) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) ~[na:na] at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580) ~[na:na]
I have found a lot of topics about this error but nothing helped me. The most common advice is to add trust certificate to jdk trust store.In order to do it, I have performed the following operations:
Received the certificate:
echo | openssl s_client -servername sheets.googleapis.com -connect sheets.googleapis.com:443 2>/dev/null | openssl x509 > google_certificate5.crt
passed it to my trust store
sudo keytool -importcert -trustcacerts -file /Users/pavel1709/Desktop/google_certificate5.crt -alias googleCert5 -keystore /Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home/lib/security/cacerts
And after it I got the message – Certificate was added to keystore.
But the error remains.
First of all I have checked where the application see the trust store:
System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
And it didn’t – the result was null.
After that I have set the trust store
System.setProperty("javax.net.ssl.trustStore", "/Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home/lib/security/cacerts");
But anyway – no success.
Pavel Molchanov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.