eclipse-rcp p2

Eclipse RCP unable to update using p2


My RCP application is using standard p2 functionality to update the client code. This has worked for several years but has now stopped working on ONE particular site's repository. It fails with sun.security.validator.ValidatorException (full stack trace below).

I have other repositories with the same p2 repository that work correctly. I checked with the site owner and they said their site's SSL is set up correctly.

Any suggestions on how I can troubleshoot this issue either from my end or the site owner's end?

Thanks for reading and thinking about my question!

0170725 07:30:49.200 134118 ERROR com.xyz.acmotor.base.BusinessStatusHandler - uncaught exception: org.eclipse.equinox.p2.transport.ecf : Connection to https://www.example.com/sites/motordb_update/repository/p2.index failed on sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retry attempt 0 started
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.AppOutputStream.write(Unknown Source) ~[na:1.8.0_60]
 at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159) ~[na:na]
 at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166) ~[na:na]
 at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272) ~[na:na]
 at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277) ~[na:na]
 at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:201) ~[na:na]
 at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239) ~[na:na]
 at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121) ~[na:na]
 at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685) ~[na:na]
 at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487) ~[na:na]
 at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) ~[na:na]
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[na:na]
 at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.performConnect(HttpClientRetrieveFileTransfer.java:1084) ~[na:na]
 at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.access$0(HttpClientRetrieveFileTransfer.java:1075) ~[na:na]
 at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer$1.performFileTransfer(HttpClientRetrieveFileTransfer.java:1071) ~[na:na]
 at org.eclipse.ecf.filetransfer.FileTransferJob.run(FileTransferJob.java:74) ~[na:na]
 at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) ~[na:na]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_60]
 at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_60]
 at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_60]
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_60]
 ... 24 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_60]
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_60]
 at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_60]
 ... 30 common frames omitted

Solution

  • The root cause of this error is that the application has a bundled Java keystore with an expired certificate. Now to figure out how to update over an HTTP connection.
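
An added example, not part of the original post: a small Java utility that lists the entries in a trust store whose validity window does not include the current date, which is the condition the answer describes. The class name, the default path (the JRE's `cacerts`) and the default password `changeit` are assumptions; pass the application's bundled keystore path and password as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class TrustStoreExpiryCheck {

    /** Returns one line per X.509 entry that is expired or not yet valid at 'now'. */
    static List<String> findInvalid(KeyStore ks, Date now) throws Exception {
        List<String> findings = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue; // skip non-X.509 entries
            }
            X509Certificate x = (X509Certificate) c;
            String subject = x.getSubjectX500Principal().getName();
            if (now.after(x.getNotAfter())) {
                findings.add("EXPIRED " + x.getNotAfter() + " | " + alias + " | " + subject);
            } else if (now.before(x.getNotBefore())) {
                findings.add("NOT YET VALID " + x.getNotBefore() + " | " + alias + " | " + subject);
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JRE's cacerts file and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        List<String> findings = findInvalid(ks, new Date());
        System.out.println(path + ": " + ks.size() + " entries, "
                + findings.size() + " outside their validity window");
        findings.forEach(System.out::println);
        System.exit(findings.isEmpty() ? 0 : 1); // non-zero exit for use in build checks
    }
}
```

Run it with the same JRE the RCP product ships, since the trace shows the client on 1.8.0_60 and the keystore under that runtime is the one the handshake uses.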