After installing new certificate from godaddy, Java app connect to webservice hosted on that server

560 views Asked by At

All,

Our cert expired and we bought another one with new CSR. Its installed for Zimbra webserver. We cannot validate it properly from cert checkers , everything looks good. But our app which was calling this server now trips with :

javax.net.ssl.SSLHandshakeException:   
sun.security.validator.ValidatorException:
PKIX path building failed:   
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

JVM keystore has valid root crt from GoDaddy installed. All the links that I read talk mostly about adding root crt to keystore.

Anyone faced this issued ?

Thanks in advance for some pointers

1

There are 1 answers

0
purvesh On

Problem fixed. I took help of consultant who is expert in SSL issues. Issue is same as everyone is stating that certs are not properly installed. However our java truststore had valid godaddy cert. But that is not all, seems after SHA2 migration, godaddy has changed its cert and intermediates. Even though we installed those, seems we missed something. It would take few hrs to figure it out. But jdk1.7.0_u79 or 1.8.0_u45 have godaddy sha2 certs properly configured and installed. We had to upgrade from 1.7.0_u72 to 1.7.0_u79 and presto problem solved.