PKIX… unable to find valid certification path to requested target eclipse – Fix
Problem: Eclipse: MarketplaceDiscoveryStrategy failed with an error
eclipse.buildId=4.21.0.I20210906-0500 java.version=16.0.2 java.vendor=Oracle Corporation BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US Framework arguments: -product org.eclipse.epp.package.jee.product Command-line arguments: -os win32 -ws win32 -arch x86_64 -product org.eclipse.epp.package.jee.product org.eclipse.epp.mpc.core Error Thu Sep 16 13:07:14 IST 2021 Cannot complete request to https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&os=win32&platform.version=4.21: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target org.eclipse.core.runtime.CoreException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientTransport.stream(HttpClientTransport.java:117)
Solution: You can solve this (PKIX) problem like this.
In order to resolve this issue, I copied my security/cacert from my JRE (java-se-8u41/jre/lib/security/cacert) and then paste it in my eclipse e.g. /eclipse/plugins/org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_16.0.2.v20210721-1149/jre/lib/security (replace cacert of the eclipse by cacert of JRE)
Note: You may follow the below step for exporting and importing certificates from Web Browser to cacerts.
How to export certificate from browse
- Go to the URL in your browser, and click on the HTTPS certificate chain (little lock symbol next to the URL address) to export the certificate. For Example:
Click On "More Info" > "Security" > "Show Certificate" > "Details" > "Export" > "Copy to File".
- Save as .der
How to import certificates into cacerts
- Import all *.der files into the cacerts file using the following:
> keytool -import -alias alias -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file maven_repository_cert.cer
Note: The default keystore password is 'changeit'
You can view the change that you made with this command that shows the Certificate fingerprint.
> keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
Now, you will not get PKIX certification errors during handshaking.
You may face this issue frequently when you will try to access https resources and you have to import the certificate from Web Browser to security/cacerts. Hence, keep handy all these steps.