Spring tool suite- SunCertPathBuilderException: unable to find valid certification path to requested target

Question

I am working on STS and while creating a new spring-boot project, it shows following error:

 SunCertPathBuilderException: unable to find valid certification path to requested target

since it access https://start.spring.io as a service URL.

I am working in a corporate network and they have their own certificates and security rules. I looked into web but could not find any clear solution for STS. How should I add certification path in STS for given URL. Any help is appreciated.

Answer 1

It would seem like the http now gets redirected to https. So changing https to http may not work. I am barely familiar with digital certificates. However, I have simply listed what I had to do to get it to work for me. This is perhaps what @Strelok has suggested.

I am on Windows 10 and JDK 1.8.0_144 64bit. I am also behind a corporate proxy. I did the following to get it to work for me. If you are in a similar situation it may work for you.

Export the corporate certificate (There may be other easier ways of doing this)

1. On Chrome, I went to https://start.spring.io
2. On the location bar clicked on the 'Lock' symbol next to https.
3. Selected 'Certificate(Valid)' on the ensuing pop-up.
4. On the resulting dialog box, clicked on the 'Certificate Path' tab, from under certificate path tree selected the root node, and then clicked on 'View Certificate'
5. On the resulting dialog box, clicked on the 'Details' tab and then clicked on 'Copy to File'
6. This brings up the 'Export wizard', clicked on 'Next'.
7. Left the certificate format to default 'DER encoded..', clicked on 'Next'.
8. Provided file name (.cer extension) for the certificate.
9. Clicked Finish.

The above steps exported a certificate to a file that I imported into truststore (cacerts).

To import

• Opened a 'Command' prompt as Administrator to import the certificate
• Went to bin directory of Java installation (this step is not needed if jre/bin is in your path)

• Ran the following:

  C:\Program Files\Java\jre1.8.0_144\bin>keytool -importcert -alias your-alias -keystore "C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts" -storepass changeit -file C:\certificate-file-location\saved-certificate-file.cer

(Substitute your java location, certificate file location and certificate file name as appropriate. The 'storepass' should be 'changeit'.)

Restarted STS

Answer 2

The simplest solution is to install your corporate certificate into the cacerts keystore of the JDK.

<JAVA_HOME>/bin/keytool -import -alias CorpProxy -keystore <JAVA_HOME>/jre/lib/security/cacerts -file your_corp_cert.crt

You will be prompted for the keystore password which is changeit by default.

Answer 3

I encountered the same problem and tried this: Window -> Preferences -> Network Connections Change mode to Manual

It works fine now.