I have a Java application that has been working fine until recently.
It started raising the exception:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have a few versions of this application. For compilation and running: some are using the Java 8 that's on my path, some are using a specific reference to a Java 11 I have and some use an embedded Red Hat Java 11... Each uses a copy of the PKCS12 keystore. So, let's assume this file isn't corrupted.
All suddenly stopped working with the above exception!
To make matters more frustrating, simulating the failing API calls on the same machine using Postman passes just fine!
If it matters, the Java applications use a PKCS12 keystore, which was generated by keytool from crt+key files (which are the ones Postman is using).
Any ideas what's going on? I did have a Java update lined up, I updated (1.8.0_261 now) and restarted - still the same problem...
Update: Admin shared with me the old and new server certificates (not sure they are allowed to do that?). I was able to see some minor changes. Especially interesting looks the issuer:
Old: DigiCert SHA2 Secure Server CA, DigiCert Inc
New: DigiCert TLS RSA SHA256 2020 CA1, DigiCert Inc
I guess it's a case of new issuer not trusted by Java? And I could potentially fix this by editing my cacerts file?
Would love a little light shed on this, so I have some feeling of understanding, please :)
Sure, download the new intermediate certificate from DigiCert in PEM or DER format and import it into the CA store as a trusted CA.
After that the case should get fixed.
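The import described in the answer above, as an added example that is not part of the original posts. It writes to a dedicated truststore instead of the JDK-wide cacerts and refuses to import unless the certificate's SHA-256 fingerprint matches the value you verified against the CA's published one; the file names, alias and password are assumed placeholders.

```shell
#!/bin/sh
# Added example. Assumed placeholders: digicert-intermediate.pem,
# app-truststore.p12, the alias, the password and the expected fingerprint.

# Print the SHA-256 fingerprint of a PEM or DER certificate file.
cert_fingerprint() {
  keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: //p'
}

# Import a certificate as a trusted entry into a PKCS12 truststore
# (created if it does not exist), but only when its fingerprint matches
# the expected value obtained out of band from the CA.
import_intermediate() {
  cert=$1; store=$2; alias=$3; pass=$4; expected=$5
  actual=$(cert_fingerprint "$cert")
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "refusing import: fingerprint is '$actual', expected '$expected'" >&2
    return 1
  fi
  keytool -importcert -noprompt -trustcacerts \
    -alias "$alias" -file "$cert" \
    -keystore "$store" -storetype PKCS12 -storepass "$pass"
}

# Succeed when the alias exists in the truststore as a trusted certificate
# entry (and not, for example, as a private key entry).
is_trusted() {
  keytool -list -alias "$1" \
    -keystore "$2" -storetype PKCS12 -storepass "$3" | grep -q trustedCertEntry
}

# Typical use (placeholder values):
#   import_intermediate digicert-intermediate.pem app-truststore.p12 \
#     digicert-tls-rsa-sha256-2020-ca1 changeit "<fingerprint from the CA>"
#   is_trusted digicert-tls-rsa-sha256-2020-ca1 app-truststore.p12 changeit
```

Point the application at the result with `-Djavax.net.ssl.trustStore=app-truststore.p12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=...`. Setting that property replaces the default cacerts for the JVM, so the dedicated store must contain every CA the application needs to trust.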