I'm trying to load a page through SSL, and I'm getting this error:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Of course, I researched about it and it has something to do with the certificate of the page not being included in the java distribution I downloaded. Here's the ceritifcate hierarchy for the site I'm loading:
The first one (global sign) is, of course, included in the system. But what is "Trusted Root CA SHA256 G2"? Firefox says it's signed by GlobalSign. Also, could ICPEdu be the missing certificate? If so, how do I add it to the list of trusted certificates inside my java code?
But wait a moment... Since GlobalSign is trusted, shouldn't every certificate below be trusted too?
As pointed in the answer, here's the ssl debug:
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://secure.globalsign.com/cacert/icpedusha2g2.crt
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp2.globalsign.com/icpedusha2g2
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 95 F0 A4 84 1A A7 5C 20 36 A6 C5 08 D7 65 42 02 ......\ 6....eB.
0010: E5 77 68 E3 .wh.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.com/gs/icpedusha2g2.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F ository/
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: www.parthenon.biblioteca.unesp.br
DNSName: parthenon.biblioteca.unesp.br
]
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6D BE 57 72 E3 B5 BD A2 0E 16 E3 A9 2F 8B E7 87 m.Wr......../...
0010: F1 4B 27 75 .K'u
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 2D 83 5B 63 56 82 77 74 FB EF 40 C1 7A 88 9B 1B -.[cV.wt..@.z...
0010: 34 37 79 4E 28 A4 79 18 69 25 FE 52 90 B4 79 B7 47yN(.y.i%.R..y.
0020: 90 00 58 CE 21 E6 96 BC E7 5B C3 5D 41 38 51 5E ..X.!....[.]A8Q^
0030: B5 DA D2 EA F6 44 83 FA B7 A8 66 90 77 C9 96 3D .....D....f.w..=
0040: 72 AE 05 5C F2 19 AE 36 43 F6 A5 DF E2 E5 F8 50 r..\...6C......P
0050: D3 CC EF AE 79 29 19 F6 F8 63 C0 26 E9 0C FA 86 ....y)...c.&....
0060: 30 1D BF 00 69 C8 E9 B5 B6 16 BE 6B 5F 63 5B AD 0...i......k_c[.
0070: F5 B4 18 82 0C 53 ED 36 AB 38 61 8B 80 C9 8C 62 .....S.6.8a....b
0080: E6 20 E3 CB 5A 2A 91 C2 CA 6A BE 31 B6 CB 65 57 . ..Z*...j.1..eW
0090: 33 47 43 9A B4 33 5B 45 D9 5E ED C6 7C 2B 0D B3 3GC..3[E.^...+..
00A0: E6 4C 5F 85 EF D0 BE CD 02 1B 6B C1 06 2F 7B F6 .L_.......k../..
00B0: C0 B7 C4 68 F1 F6 92 2B A4 B6 85 08 32 7C 8D 9F ...h...+....2...
00C0: 34 7D 08 5B B4 05 51 C8 E6 C4 29 86 04 32 FA 2B 4..[..Q...)..2.+
00D0: 18 42 56 43 88 DB EE 32 5F CE 8D 88 5E 91 C1 72 .BVC...2_...^..r
00E0: CB 0F FE F3 CA 55 D3 A4 40 57 E0 13 03 3F C9 16 .....U..@W...?..
00F0: 1F FC 31 28 CB 68 06 9F 0F 3A D2 3A 91 65 B2 D8 ..1(.h...:.:.e..
]
***
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target