James_Li | 2024-04-09 17:41:36 UTC | #1
I was trying to run the sample code for "Client Credentials OAuth flow" at "https://github.com/MyPureCloud/platform-client-sdk-java". I do have a valid OAuth client ID and secret when executing "ApiResponse<AuthResponse> authResponse = apiClient.authorizeClientCredentials(clientId, clientSecret)".
However, no matter where I located my cacerts path, in eclipse.ini (with -vmargs arguments) or in Eclipse "Debug Configuration > Arguments tab > VM arguments", it always throws the "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error.
Do I need Genesys Cloud sort of trusted CA and import to my cacerts to pass com.mypurecloud.sdk.v2.ApiClient?
John_Carnell | 2024-04-09 17:54:00 UTC | #2
Hi James,
It has been a while since I have had to deal with cert issues, but usually the error you are getting is related to the fact that the cert you are trying to access is not available in your local CA store. Since this is often particular to the user's machine, I suggest you take a look at this article to see if this helps you resolve the issue.
Thanks, John Carnell Director, Developer Engagement
James_Li | 2024-04-09 18:22:11 UTC | #3
John, following the article saying "If you can access the HTTPS URL in your browser then it is possible to update Java to recognize the root CA", I was trying to access https://api.usw2.pure.cloud/ but it returns "HTTP 404 Not Found" error code. I was unable to find the server's primary root CA via HTTPS certificate chain.
John_Carnell | 2024-04-09 18:35:55 UTC | #4
Hi James,
If you click the link to the left of the URL (assuming you are using Chrome) you should be able to see if the cert is good. The 404 is being returned by the endpoint, but the certificate on the endpoint is there.
Thanks, John
James_Li | 2024-04-09 21:44:40 UTC | #5
John, I imported api.usw2.pure.cloud root cert to my cacerts but I still get the same error. SSL handshake trace shows as follows:
adding as trusted cert: Subject: CN=usw2.pure.cloud Issuer: CN=SSL-SG1-GLOBAL, OU=Operations, O=Cloud Services, C=US Algorithm: RSA; Serial number: 0x4243534eb383b501c8cd2835000000002f86c880 Valid from Fri Aug 18 18:00:00 MDT 2023 until Sun Sep 15 17:59:59 MDT 2024
......
ClientHello, TLSv1.2 RandomCookie: GMT: 1712632706 bytes = { 214, 27, 174, 200, 151, 112, 106, 61, 104, 174, 184, 104, 155, 198, 45, 71, 93, 245, 133, 37, 178, 33, 129, 42, 222, 107, 44, 200 } Session ID: {} Cipher Suites: [TLSECDHEECDSAWITHAES256CBCSHA384, TLSECDHERSAWITHAES256CBCSHA384, TLSRSAWITHAES256CBCSHA256, TLSECDHECDSAWITHAES256CBCSHA384, TLSECDHRSAWITHAES256CBCSHA384, TLSDHERSAWITHAES256CBCSHA256, TLSDHEDSSWITHAES256CBCSHA256, TLSECDHEECDSAWITHAES256CBCSHA, TLSECDHERSAWITHAES256CBCSHA, TLSRSAWITHAES256CBCSHA, TLSECDHECDSAWITHAES256CBCSHA, TLSECDHRSAWITHAES256CBCSHA, TLSDHERSAWITHAES256CBCSHA, TLSDHEDSSWITHAES256CBCSHA, TLSECDHEECDSAWITHAES128CBCSHA256, TLSECDHERSAWITHAES128CBCSHA256, TLSRSAWITHAES128CBCSHA256, TLSECDHECDSAWITHAES128CBCSHA256, TLSECDHRSAWITHAES128CBCSHA256, TLSDHERSAWITHAES128CBCSHA256, TLSDHEDSSWITHAES128CBCSHA256, TLSECDHEECDSAWITHAES128CBCSHA, TLSECDHERSAWITHAES128CBCSHA, TLSRSAWITHAES128CBCSHA, TLSECDHECDSAWITHAES128CBCSHA, TLSECDHRSAWITHAES128CBCSHA, TLSDHERSAWITHAES128CBCSHA, TLSDHEDSSWITHAES128CBCSHA, TLSECDHEECDSAWITHAES256GCMSHA384, TLSECDHEECDSAWITHAES128GCMSHA256, TLSECDHERSAWITHAES256GCMSHA384, TLSRSAWITHAES256GCMSHA384, TLSECDHECDSAWITHAES256GCMSHA384, TLSECDHRSAWITHAES256GCMSHA384, TLSDHERSAWITHAES256GCMSHA384, TLSDHEDSSWITHAES256GCMSHA384, TLSECDHERSAWITHAES128GCMSHA256, TLSRSAWITHAES128GCMSHA256, TLSECDHECDSAWITHAES128GCMSHA256, TLSECDHRSAWITHAES128GCMSHA256, TLSDHERSAWITHAES128GCMSHA256, TLSDHEDSSWITHAES128GCMSHA256, TLSEMPTYRENEGOTIATIONINFOSCSV] Compression Methods: { 0 } Extension ellipticcurves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ecpointformats, formats: [uncompressed] Extension signaturealgorithms, signaturealgorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension extendedmastersecret Extension servername, 
servername: [type=hostname (0), value=login.usw2.pure.cloud]
.......
Certificate chain chain [0] = [ [ Version: V3 Subject: CN=usw2.pure.cloud Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits modulus: 25504895182933834258799120051813693651091688562298423379857679506847161098736411212633289907657246081177936152823111847034522644765736871328850702204560016918022483471989941823851944662095027762669735664407663038978603212203225280526778814036256508899424139064398212123521099593539195052740455221328939684322839551009452155770181888465396882769852035950583041535662334291397089207505475287205623893449661539670551080154922622406863762794456901514794075829469921229362237959528565881856872764662899156987121333272702186329190613370331380301810210579464815002916755509135066262219227293325182052720083076619695028273713 public exponent: 65537 Validity: [From: Fri Aug 18 18:00:00 MDT 2023, To: Sun Sep 15 17:59:59 MDT 2024] Issuer: CN=SSL-SG1-GLOBAL, OU=Operations, O=Cloud Services, C=US SerialNumber: [ 4243534e ee951fd8 17734fee 00000000 4b905675]
.......
%% Invalidated: [Session-1, TLSECDHERSAWITHAES256CBCSHA384] main, SEND TLSv1.2 ALERT: fatal, description = certificateunknown main, WRITE: TLSv1.2 Alert, length = 2 main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
James_Li | 2024-04-11 17:54:47 UTC | #6
John, I exported the server cert to "PKCS #7" format and it works this time.
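A diagnostic for the situation in this thread, as an added example that is not part of the original posts or of the Genesys SDK: it prints which trust store the running JVM actually reads and the subject and issuer of each certificate the server presents, validating only with the JVM's default trust manager. The class name `TrustCheck` is hypothetical; the default host is the server name from the handshake trace above.

```java
import javax.net.ssl.*;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class TrustCheck {
    public static void main(String[] args) throws Exception {
        // Host from the handshake trace above; override with a command-line argument.
        String host = args.length > 0 ? args[0] : "login.usw2.pure.cloud";

        // Which trust store does THIS JVM read? The explicit property wins,
        // then jssecacerts, then cacerts under java.home.
        String sec = System.getProperty("java.home") + File.separator + "lib"
                + File.separator + "security" + File.separator;
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        String store = explicit != null ? explicit
                : new File(sec + "jssecacerts").exists() ? sec + "jssecacerts" : sec + "cacerts";
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + store);

        // Default trust manager, built by the JVM from that store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];

        // Records the chain the server presents, then defers to the default
        // trust manager, so validation is never weakened.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jvmDefault.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c;
                jvmDefault.checkServerTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            s.startHandshake();
            System.out.println("handshake: OK, chain validates against the trust store");
        } catch (SSLHandshakeException e) {
            System.out.println("handshake: FAILED, " + e.getMessage());
        }
        for (int i = 0; seen[0] != null && i < seen[0].length; i++) {
            System.out.println("chain[" + i + "] subject = " + seen[0][i].getSubjectX500Principal());
            System.out.println("chain[" + i + "] issuer  = " + seen[0][i].getIssuerX500Principal());
        }
    }
}
```

Run it with the same JRE and VM arguments as the failing launch configuration, so the printed trust store path is the one the SDK call would use. The issuer printed for the last chain entry names the CA the trust store needs to contain for path building to succeed.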
John_Carnell | 2024-04-11 18:26:48 UTC | #7
Hi James,
I am glad you sorted it out. Cert-related issues can be extremely opaque to debug. Whenever I run into cert-related problems, I always feel like C3P0 in the original Star Wars movie:
This post was migrated from the old Developer Forum.
ref: 25634