PKIX… unable to find valid certification path to requested target eclipse – Fix

Problem: Eclipse: MarketplaceDiscoveryStrategy failed with an error

eclipse.buildId=4.21.0.I20210906-0500
java.version=16.0.2
java.vendor=Oracle Corporation
BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US
Framework arguments:  -product org.eclipse.epp.package.jee.product
Command-line arguments:  -os win32 -ws win32 -arch x86_64 -product org.eclipse.epp.package.jee.product

org.eclipse.epp.mpc.core
Error
Thu Sep 16 13:07:14 IST 2021
Cannot complete request to https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&os=win32&platform.version=4.21: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.eclipse.core.runtime.CoreException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientTransport.stream(HttpClientTransport.java:117)

Solution: You can solve this (PKIX) problem like this.

In order to resolve this issue, I copied my security/cacert from my JRE (java-se-8u41/jre/lib/security/cacert) and then paste it in my eclipse e.g. /eclipse/plugins/org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_16.0.2.v20210721-1149/jre/lib/security (replace cacert of the eclipse by cacert of JRE)
Eclipse: Marketplace - unable to find valid certification path to requested target eclipse

Note: You may follow the below step for exporting and importing certificates from Web Browser to cacerts.

How to export certificate from browse

  • Go to the URL in your browser, and click on the HTTPS certificate chain (little lock symbol next to the URL address) to export the certificate. For Example:
PKIX…unable to find valid certification path to requested target eclipse
eclipse unable to find valid certification path to requested target
Click On "More Info" > "Security" > "Show Certificate" > "Details" > "Export" > "Copy to File".
certificate export wizard
Export certificate .der
  • Save as .der

How to import certificates into cacerts

  • Import all *.der files into the cacerts file using the following:
> keytool -import -alias alias -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file maven_repository_cert.cer
Note: The default keystore password is 'changeit'

You can view the change that you made with this command that shows the Certificate fingerprint.

> keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
PKIX…unable to find valid certification path to requested target - Fix

Now, you will not get PKIX certification errors during handshaking.

You may face this issue frequently when you will try to access https resources and you have to import the certificate from Web Browser to security/cacerts. Hence, keep handy all these steps.