7

Trying to connect to an external SOAP service from AWS Lambda, but getting the below exception.

com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I was getting the same exception when I tried to call the service from my local environment. It was resolved after importing the security cert into the jre/lib/security folder using the keytool command.

How do I import the external security cert in AWS to resolve the exception?

I've gone through the below link.

Note: I have the certificate from the browser, but I don't have the private key.

2
  • You are definitely on the wrong track looking at Amazon Certificate Manager. This service is for importing certificates you want to use on your services that others are accessing. This is not what you need. Your problem, by contrast, appears to be related to your trust store not being able to validate a certificate of a site you are connecting to. Commented Nov 8, 2017 at 19:38
  • I am withholding my closure vote for the moment, as this is not my area of expertise, but this seems like a possible duplicate of Using a custom truststore in java as well as the default one. Commented Nov 8, 2017 at 19:40

1 Answer

9

This is how I solved this:

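```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.apache.commons.io.IOUtils;

// Locate the default truststore
String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(filename)) {
    keystore.load(fis, "changeit".toCharArray());
}

CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Input stream to cert file (CA_CERT holds the certificate contents as a String)
Certificate caCert = cf.generateCertificate(IOUtils.toInputStream(CA_CERT, StandardCharsets.UTF_8));
keystore.setCertificateEntry("ca-cert", caCert);

// Can only save to /tmp from a Lambda
String certPath = "/tmp/CustomTruststore";
try (FileOutputStream out = new FileOutputStream(certPath)) {
    keystore.store(out, "MyPass".toCharArray());
}

// Set these before the first HTTPS call: the JVM reads them when it builds its default SSLContext
System.setProperty("javax.net.ssl.trustStore", certPath);
System.setProperty("javax.net.ssl.trustStorePassword", "MyPass");
```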
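An alternative to writing a merged truststore to /tmp and setting JVM-wide system properties, shown as an added example that is not the answerer's code: build the merged trust store in memory and hand it to an `SSLContext`. The class name `MergedTrust`, the method `withExtraCert` and the PEM file path argument are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class MergedTrust {
    // Returns an SSLContext that trusts the JVM's default CAs plus the given PEM certificate.
    static SSLContext withExtraCert(byte[] pem) throws Exception {
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(alg);
        defaults.init((KeyStore) null); // null = load the JVM's default trust store

        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null); // empty, in-memory only; nothing is written to disk
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                merged.setCertificateEntry("default-" + n++, ca);
            }
        }
        X509Certificate extra = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem));
        extra.checkValidity(); // fail early on an expired or not-yet-valid certificate
        merged.setCertificateEntry("extra-cert", extra);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java MergedTrust /path/to/cert.pem (the path is the reader's own file)
    public static void main(String[] args) throws Exception {
        SSLContext ctx = withExtraCert(Files.readAllBytes(Paths.get(args[0])));
        // Applies to HttpsURLConnection-based clients created after this call
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("Trust store ready; protocol " + ctx.getProtocol());
    }
}
```

In a Lambda handler the same call would sit in a static initializer so it runs once per container, with the certificate bundled in the deployment package.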