Thursday, July 18, 2013

Why do we get "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" exception?

Most of the time we might get an issue which says the following while trying to subscribe to emails in carbon products,


 [2013-07-18 11:25:22,974] ERROR {org.apache.axis2.transport.mail.MailTransportSender} - Error creating mail message or sending it to the configured server
javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


This issue is occurred when the server has got self verified certificates and client's trust store does not have it. But in gmail there is a certificate that is issued by a CA. So if you use JRE certificate store ($JREHOME/lib/security/cacerts) in the client side, this issue may not be occurred as it contains some CA's root certificates. But this certificates store can be changed by setting system property 'javax.net.ssl.trustStore'.
Sometimes this blog might help you to store this certificate.