1 Reply. Latest reply: Feb 15, 2012 6:04 PM by EJP

    Incorrect Certificate?

    904870
      I've been banging my head against the wall with this one. I have Certificate Authority installed on my Server 2008 box and I ran the command:
      certutil -ca.cert client.crt

      This gets my server's certificate, right? So next I copied that to the PC that's going to be running my Java application. I import the certificate with:

      keytool -import -keystore .\jre\lib\security\cacerts -file client.crt

      After this I run my Java application and get an error.

      Am I using the wrong certificate maybe? The guide told me when CA was installed I'd have a server cert file on C:\, which I never found.

      Here's my error, and the guide I followed:
      Guide:
      http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory
      Error:
      -----
      javax.naming.CommunicationException: simple bind failed: 192.168.12.74:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
      at javax.naming.InitialContext.init(InitialContext.java:242)
      at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
      at eua.data.ADAuthenticator.authenticate(ADAuthenticator.java:93)
      at eua.gui.MainFrame$2.actionPerformed(MainFrame.java:157)
      at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2018)
      at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2341)
      at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
      at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
      at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252)
      at java.awt.Component.processMouseEvent(Component.java:6504)
      at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
      at java.awt.Component.processEvent(Component.java:6269)
      at java.awt.Container.processEvent(Container.java:2229)
      at java.awt.Component.dispatchEventImpl(Component.java:4860)
      at java.awt.Container.dispatchEventImpl(Container.java:2287)
      at java.awt.Component.dispatchEvent(Component.java:4686)
      at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4832)
      at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4492)
      at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422)
      at java.awt.Container.dispatchEventImpl(Container.java:2273)
      at java.awt.Window.dispatchEventImpl(Window.java:2713)
      at java.awt.Component.dispatchEvent(Component.java:4686)
      at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:707)
      at java.awt.EventQueue.access$000(EventQueue.java:101)
      at java.awt.EventQueue$3.run(EventQueue.java:666)
      at java.awt.EventQueue$3.run(EventQueue.java:664)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
      at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
      at java.awt.EventQueue$4.run(EventQueue.java:680)
      at java.awt.EventQueue$4.run(EventQueue.java:678)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
      at java.awt.EventQueue.dispatchEvent(EventQueue.java:677)
      at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:211)
      at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
      at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
      at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
      at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
      at java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1337)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
      at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:848)
      at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
      at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
      at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
      at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
      at com.sun.jndi.ldap.Connection.run(Connection.java:835)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
      at sun.security.validator.Validator.validate(Validator.java:260)
      at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
      at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1319)
      ... 12 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
      -----

      Thanks for taking the time to read this!

      Edited by: 901867 on Feb 15, 2012 10:00 AM
        • 1. Re: Incorrect Certificate?
          EJP
          I import the certificate with:

          keytool -import -keystore .\jre\lib\security\cacerts -file client.crt
          Is that JRE the JRE you are running your application with? If not, you need to use -Djavax.net.ssl.trustStore=xxx to point to that file.