activemq-users mailing list archives

From Tim Bain <>
Subject Re:
Date Sat, 25 Feb 2017 05:02:11 GMT
That error always means that the truststore your client is using doesn't
have a certificate that can authenticate the certificate the remote server
is presenting.

Here are some things that could cause that to happen:
1. An appropriate cert isn't in the truststore.
2. A cert that would be valid is in the truststore, but there's something
wrong with it (it's expired, revoked, doesn't list the hostname or IP in
the subjectAlternateNames, etc.). I'm not sure that this wouldn't give a
more specific exception, but it's worth checking.
3. Your truststore has a valid cert, but your client isn't actually using
it (even if you think it is).
4. Your server's cert isn't what you think it is (or the server isn't using
it), so your truststore doesn't actually validate it.

I'd suggest that you first confirm that your truststore really does
validate your server cert using some other method. There may be tools out
there that do exactly that for you, and I suggest you Google to try to find
one, but if not you could always put an image in a web or app server that's
configured to use your server cert and then write a simple piece of code to
download the image using the truststore. That would check #1 and #2.

Then to check #4, use a browser to hit your HTTPS endpoint and inspect the
cert the server presents to make sure it's the one you expect.

If none of those reveal anything wrong, #3 is your problem, in which case
you need to confirm that you're properly passing all necessary arguments to
the JVM. And remember that capitalization matters for JVM arguments.


On Feb 24, 2017 7:02 AM, "shenrj" <> wrote:

> I was customizing BrokerPlugin, but there was an error when I was using
> org.apache.commons.httpclient.HttpClient to access the HTTPS site:
> = = = = =
> PKIX path building failed:
> unable to find
> valid certification path to requested target
> = = = = =
> Can someone help me?
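
The truststore check suggested in the reply above (causes #1 and #2), as an added example that is not part of the original thread: it loads one truststore file explicitly and attempts an HTTPS connection with it, so the result does not depend on which `javax.net.ssl.*` JVM arguments are in effect. The class name `TrustStoreCheck` and its three command-line arguments are hypothetical, and the truststore is assumed to be in a format the JVM's default keystore type can read (JKS or PKCS12).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: class name and arguments are hypothetical, not from the thread.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreCheck <https-url> <truststore> <password>");
            System.exit(2);
        }
        // Load the truststore from the given file, ignoring JVM-wide defaults.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            ts.load(in, args[2].toCharArray());
        }
        System.out.println("Truststore entries: " + ts.size());

        // Build an SSLContext whose only trust anchors come from that file.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            conn.connect(); // TLS handshake, chain and hostname checks happen here
            for (Certificate c : conn.getServerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("Subject: " + x.getSubjectX500Principal());
                System.out.println("  Issuer:  " + x.getIssuerX500Principal());
                System.out.println("  Expires: " + x.getNotAfter());
                System.out.println("  SANs:    " + x.getSubjectAlternativeNames());
            }
            System.out.println("OK: this truststore validates the server certificate.");
        } catch (IOException e) {
            // A "PKIX path building failed" handshake error is reported here.
            System.out.println("FAILED: " + e.getClass().getName() + ": " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

If this reports OK with the same truststore file and URL that fail inside the broker, the remaining candidate from the list above is #3: the broker JVM is not actually using that truststore.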