PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path

Report · Sep 16, 2016

On my HTTP request, I kept getting this error.

handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.

Sep 16, 2016 10:26:14 AM Error [ajp-bio-8013-exec-2] - ERROR: failed to read from https://myapps.example.com/units.json. Response code: 'Connection Failure. Status code unavailable.' Error details: 'I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.'

I found this page, https://www.hass.de/content/coldfusion-java-pkix-path-building-failed-javasecuritycertcertpathbuilde... , that talks about the same exact error that I have. However, it didn't resolve my issue even though I verified that the certificate is already exist in my cacerts file.

Report · Aug 31, 2018

It could be that the server is requiring a more modern protocol such as TLS 1.2, and you are using an old version of Java which does not support TLS 1.2. You need to make sure you are using Java 1.8 or greater (TLS 1.2 can be supported on Java 1.7 but it is not enabled by default).

Report · Sep 02, 2018

What is your ColdFusion version? What Java version does it run on?

Report · Sep 27, 2019

Just to say thanks to Pete. Bumping up the Java version also solved our problem!

Report · May 27, 2020

JDK 1.8 with update 122 will use TLS 1.2 as default

https://blogs.oracle.com/java-platform-group/jdk-8-will-use-tls-12-as-default

Report · May 27, 2020

Paulo, would you mind offering some context to your comment here? Are you reporting that as version info for your having the problem discussed above? Or are you reporting it as a solution?

And for anyone interested in more about Pete's suggestion (and how the Java update may have worked for Paolo) , I'll add that about a year ago I'd done a post with more at https://coldfusion.adobe.com/2019/06/error-calling-cf-via-https-solved-updating-jvm/.

/Charlie (troubleshooter, carehart.org)

Report · May 27, 2020

Hi Charlie, I just wanted to add a more precise detail as a comment in this post with the micro version of JDK

Thanks a lot for your post, but on Google it came out after Pete's post, sorry 😉

Report · May 27, 2020

Thanks for clarifying the intent of that first comment. As for the second point you make, I don't quite understand it, but to be clear I don't see Pete and me as in competition. We both just want to help folks, whoever's post may come up "first". 🙂

/Charlie (troubleshooter, carehart.org)