Utilice un pequeño utilitario de Atlassian: https://confluence. atlassian.com/kb/unable-to- connect-to-ssl-services-due- to-pkix-path-building-failed- 779355358.html
A continuación el ejemplo que hice :
[German@KDU ssl]$ java -cp . SSLPoke
Utility to debug Java connections to SSL servers
Usage:
java SSLPoke
or for more debugging:
java -Djavax.net.debug=ssl SSLPoke
Eg. to test the SSL certificate at https://localhost, use
java SSLPoke localhost 443
[German@KDU ssl]$ java -cp . SSLPoke 127.0.0.1 7002
sun.security.validator. ValidatorException: PKIX path building failed: sun.security.provider. certpath. SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security. validator.PKIXValidator. doBuild(PKIXValidator.java: 385)
at java.base/sun.security. validator.PKIXValidator. engineValidate(PKIXValidator. java:290)
at java.base/sun.security. validator.Validator.validate( Validator.java:264)
at java.base/sun.security.ssl. X509TrustManagerImpl.validate( X509TrustManagerImpl.java:343)
at java.base/sun.security.ssl. X509TrustManagerImpl. checkTrusted( X509TrustManagerImpl.java:226)
at java.base/sun.security.ssl. X509TrustManagerImpl. checkServerTrusted( X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl. ClientHandshaker. checkServerCerts( ClientHandshaker.java:1947)
at java.base/sun.security.ssl. ClientHandshaker. serverCertificate( ClientHandshaker.java:1777)
at java.base/sun.security.ssl. ClientHandshaker. processMessage( ClientHandshaker.java:264)
at java.base/sun.security.ssl. Handshaker.processLoop( Handshaker.java:1092)
at java.base/sun.security.ssl. Handshaker.processRecord( Handshaker.java:1026)
at java.base/sun.security.ssl. SSLSocketImpl. processInputRecord( SSLSocketImpl.java:1137)
at java.base/sun.security.ssl. SSLSocketImpl.readRecord( SSLSocketImpl.java:1074)
at java.base/sun.security.ssl. SSLSocketImpl.readRecord( SSLSocketImpl.java:973)
at java.base/sun.security.ssl. SSLSocketImpl. performInitialHandshake( SSLSocketImpl.java:1402)
at java.base/sun.security.ssl. SSLSocketImpl.writeRecord( SSLSocketImpl.java:733)
at java.base/sun.security.ssl. AppOutputStream.write( AppOutputStream.java:67)
at java.base/sun.security.ssl. AppOutputStream.write( AppOutputStream.java:81)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider. certpath. SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security. provider.certpath. SunCertPathBuilder.build( SunCertPathBuilder.java:141)
at java.base/sun.security. provider.certpath. SunCertPathBuilder. engineBuild( SunCertPathBuilder.java:126)
at java.base/java.security.cert. CertPathBuilder.build( CertPathBuilder.java:297)
at java.base/sun.security. validator.PKIXValidator. doBuild(PKIXValidator.java: 380)
... 18 more
[German@KDU ssl]$
[German@KDU ssl]$ java -cp . -Djavax.net.ssl.trustStore=/ Users/German/Oracle/ Middleware/Oracle_Home/ wlserver/server/lib/DemoTrust. jks SSLPoke 127.0.0.1 7002
Successfully connected
[German@KDU ssl]$
como era de esperar uno de los problemas clasicos es setear el trust store en el java system properties, ademas algunos otros properties de ayuda para debug ssl :
-Djavax.net.debug=ssl:handshake:verbose
-Djavax.net.debug=ssl
-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStore=client.p12
-Djavax.net.ssl.keyStorePassword=whatever
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStore=client-truststore.jks
-Djavax.net.ssl.trustStorePassword=whatever