Share via

unable to find valid certification path to requested target after deploying war to azure app service with linux os.

Aakansha Srivastava 21 Reputation points
2021-11-29T08:35:03.193+00:00

We have migrated our Java sringboot application from on-prem to azure web app service. We have uploaded the certificates in private certificate option, but we are not able to connect with the application yet. The detailed error is below-
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 67 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 73 more
CAUSE:
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:145)
at org.bjc.es.ecs.authentication.service.WebAuthenticationServiceImpl.callWebService(WebAuthenticationServiceImpl.java:136)
at org.bjc.es.ecs.authentication.service.WebAuthenticationServiceImpl.authenticate(WebAuthenticationServiceImpl.java:114)

Let me know if I need to make any more changes.

the web app configuration is RHEL7 OS with Tomcat 9 web server.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,939 questions
0 comments
Accepted answer
  1. Ryan Hill 30,281 Reputation points Microsoft Employee Moderator
    2021-11-30T00:18:46.41+00:00

    Hi @Aakansha Srivastava ,

    Load the certificate from the appropriate store location in your code. The following snippet is for a Windows hosted app service. For Linux, you load it as file from /var/ssl/private, if I'm not mistaken. 

       import org.springframework.web.bind.annotation.RestController;  
   import org.springframework.web.bind.annotation.RequestMapping;  
   import java.security.KeyStore;  
   import java.security.cert.Certificate;  
   import java.security.PrivateKey;  
     
   ...  
   KeyStore ks = KeyStore.getInstance("Windows-MY");  
   ks.load(null, null);   
   Certificate cert = ks.getCertificate("<subject-cn>");  
   PrivateKey privKey = (PrivateKey) ks.getKey("<subject-cn>", ("<password>").toCharArray());  
     
   // Use the certificate and key  
   ...

    Also make sure WEBSITE_LOAD_CERTIFICATES is to 1 under application settings.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.