In a spring boot
application trying to consume a POST API using rest template
. No issues in personal/localhost environment. But when application is deployed on production it is showing
unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target` error.
below is the code that is running fine at my end..
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);
JSONObject obj =new JSONObject();
obj.put("password", "<password>");
obj.put("username", "<username>");
ResponseEntity<SimAccessToken> response = null;
HttpEntity formEntity = new HttpEntity(obj, headers);
try {
response = restTemplate.exchange("https://simapi.icta.mu/icta/auth/login", HttpMethod.POST,
formEntity, SimAccessToken.class);
if(response==null) {
long l_end_time = System.currentTimeMillis();
l_diff = l_end_time-l_time_start;
return new ResponseEntity<CoreResponseHandler>(new SuccessResponseBeanRefined(HttpStatus.INTERNAL_SERVER_ERROR, ResponseStatusEnum.FAILED, ApplicationResponse.Failed,"sim api access token null",l_diff+" ms"),HttpStatus.INTERNAL_SERVER_ERROR);
}
if(response!=null) {
SimAccessToken simAccessToken = response.getBody();
if(simAccessToken==null) {
long l_end_time = System.currentTimeMillis();
l_diff = l_end_time-l_time_start;
return new ResponseEntity<CoreResponseHandler>(new SuccessResponseBeanRefined(HttpStatus.INTERNAL_SERVER_ERROR, ResponseStatusEnum.FAILED, ApplicationResponse.Failed,"sim api access token null",l_diff+" ms"),HttpStatus.INTERNAL_SERVER_ERROR);
}
return callSimApi(simAccessToken.getAccessToken(),customerDetail2);
}
} catch (HttpStatusCodeException ex) {
System.out.println("Exception...");
ex.printStackTrace();
int statusCode = ex.getStatusCode().value();
String abcObj =ex.getResponseBodyAsString();
JSONParser parser = new JSONParser();
JSONObject obj2 = (JSONObject)parser.parse(abcObj);
System.out.println(obj2.toJSONString());
long l_end_time = System.currentTimeMillis();
l_diff = l_end_time-l_time_start;
return new ResponseEntity<CoreResponseHandler>(new SuccessResponseBeanRefined(HttpStatus.INTERNAL_SERVER_ERROR, ResponseStatusEnum.FAILED, ApplicationResponse.Failed,obj2,l_diff+" ms"),HttpStatus.INTERNAL_SERVER_ERROR);
}
No issues. I am able to get perfect response with all access token & refresh tokens.
But when this flow is run in production I am getting below error:
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://simapi.icta.mu/icta/auth/login": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:675)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:622)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:540)
at com.ekyc.service.EkycServiceImpl.updateCustomerWithSelfie(EkycServiceImpl.java:198)
at com.ekyc.controller.MainController.process_put_id(MainController.java:51)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:854)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:765)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:663)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
I don't understand. How do I rectify this issue.
update
I tested the reachability of particular api from production server. It is reachable.
curl --header "Content-Type: application/json" --request POST --data '{"username":"<username>","password":"<password>"}' https://simapi.icta.mu/icta/auth/login
able to get same response. But why am I not able to get this same response from rest template