PKIX path building failed #220
Hi Rey! I think your issue is caused by the client, which is either not trusting the server because the trusted certificate is not present, or the certificate has expired. Looking at your own analysis, it seems like the server certificate is not present within the SunCertPathBuilder. That part is out of the scope of this library as it does not interact with those objects. Maybe Netty Reactor is filtering out the server certificate, but I am not sure... If you have configured the sslfactory with all of the trusted certificates it should work, or else it would throw a runtime exception during startup time to indicate it failed to load the certificate. So my assumption is that it is filtered out by internal Netty SSL libraries. We can have a quick call if you are willing to; it is hard to tell what the exact cause is, although you have provided detailed information.
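The two causes named in the reply above (trust anchor not present, or an expired certificate) can be checked against the chain the server actually sends. The following is an added example, not part of the thread or of the library discussed; the class name `PkixChainReport` and the use of the JDK default trust store are assumptions.

```java
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.net.ssl.*;

public class PkixChainReport {
    public static void main(String[] args) throws Exception {
        String host = args[0];                 // server hostname, supplied by the caller
        int port = Integer.parseInt(args[1]);
        // Assumption: JDK default trust store. Pass your own KeyStore to init() to test custom trust material.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        X509Certificate[][] seen = new X509Certificate[1][];
        // Records the chain the server sends, then validates exactly as the real trust manager would.
        X509TrustManager recorder = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                real.checkClientTrusted(c, t);
            }
            @Override public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c;
                real.checkServerTrusted(c, t); // still throws on an untrusted or expired chain
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null); // no client key: only server trust is examined
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            System.out.println("handshake: OK");
        } catch (IOException e) {
            System.out.println("handshake: FAILED - " + e.getMessage());
        }
        if (seen[0] == null) { System.out.println("no server chain was received"); return; }
        Date now = new Date();
        for (X509Certificate cert : seen[0]) {
            // Name match only: shows whether a trust anchor with the issuer's name exists at all.
            boolean issuerKnown = Arrays.stream(real.getAcceptedIssuers())
                    .anyMatch(a -> a.getSubjectX500Principal().equals(cert.getIssuerX500Principal()));
            boolean inValidity = !now.before(cert.getNotBefore()) && !now.after(cert.getNotAfter());
            System.out.printf("subject=%s%n  issuer=%s%n  notAfter=%s withinValidity=%b issuerInTrustStore=%b%n",
                    cert.getSubjectX500Principal(), cert.getIssuerX500Principal(),
                    cert.getNotAfter(), inValidity, issuerKnown);
        }
    }
}
```

If no certificate in the output has `issuerInTrustStore=true`, the server is sending a chain that does not lead to any anchor in the trust store under test; a `withinValidity=false` entry points to the expiry case instead.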
Hi Hakan and the rest of the community,
I'm currently integrating our API to a third bank with mTLS enabled.
I have the following code:
I am able to send the request to the server:
But I get this stack trace:
Looking at the server response through PKIXValidator, I receive the server's public certificate and Java trusts both the intermediate and root certificates.
But when it gets to SunCertPathBuilder, the server's public certificate is not there:
Please advise. BTW I'm using Corretto 17, Spring Boot 2.7.2 and SSLContext Kickstart (for PEM and Netty) 7.4.6. The first and second bank integrations worked flawlessly, thanks to your library. I am able to transact with this third bank using a Python script, though.
Regards,
Rey