cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "KARR, DAVID" <>
Subject 2-way auth with SSL, ClientBuilder, gets "unable to find valid certification path to requested target", but curl call works
Date Fri, 07 Apr 2017 21:44:39 GMT
I'm trying to use CXF ClientBuilder to make a call to a REST service on an SSL connection using
2-way auth.

I was having some trouble populating the keystore of the ClientBuilder because my key file
was in the PKCS#1 format.  After I converted the file to PKCS#8 format, I was able to build
the client, but now I'm getting a "unable to find valid certification path to requested target"
error when I try to make a connection.  I didn't have any particular problem populating the
truststore of the ClientBuilder, but that error message may indicate there's something wrong
with it.

I'm able to make a "curl" call to the same URL using the given key and cert files, and that
gets through the SSL handshake fine.

The details for my issue are at

Note that the last "Update" in the posting talks about how I turned on "",
and it shows some suspicious debug output associated with that.  It seems like it thinks the
truststore "is" the cacerts file in my JDK, even though I created the truststore in memory
from a single certificate, like this:
			KeyStore	trustStore	= KeyStore.getInstance("jks");
			trustStore.load(null, "changeit".toCharArray());
			Certificate	cert	= buildCertFromFile("<path to cert file>");
			trustStore.setCertificateEntry("cert", cert);


			ClientBuilder	builder	= ClientBuilder.newBuilder();
                client	=;

Any idea what might be going wrong here?

View raw message