PKIX… unable to find valid certification path to requested target eclipse – Fix

May 19, 2021   9,847 Views
Eclipse: MarketplaceDiscoveryStrategy failed with an error

In order to resolve this issue, I copied my security/cacert from my JRE (java-se-8u41/jre/lib/security/cacert) and then paste it in my eclipse e.g. /eclipse/plugins/org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_16.0.2.v20210721-1149/jre/lib/security (replace cacert of the eclipse by cacert of JRE)

How to import certificates into cacerts

Import all *.der files into the cacerts file using the following:
> keytool -import -alias alias -keystore “$JAVA_HOME/jre/lib/security/cacerts” -file maven_repository_cert.cer Note: The default keystore password is ‘changeit’

unable to find valid certification path to requested target eclipse

unable to find valid certification path to requested target eclipse and pkix path building failed eclipse

Problem: Eclipse: MarketplaceDiscoveryStrategy failed with an error

eclipse.buildId=4.21.0.I20210906-0500
java.version=16.0.2
java.vendor=Oracle Corporation
BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US
Framework arguments:  -product org.eclipse.epp.package.jee.product
Command-line arguments:  -os win32 -ws win32 -arch x86_64 -product org.eclipse.epp.package.jee.product

org.eclipse.epp.mpc.core
Error
Thu Sep 16 13:07:14 IST 2021
Cannot complete request to https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&os=win32&platform.version=4.21: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.eclipse.core.runtime.CoreException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at org.eclipse.epp.internal.mpc.core.transport.httpclient.HttpClientTransport.stream(HttpClientTransport.java:117)

Solution : You can solve this (PKIX) problem like this.

In order to resolve this issue, I copied my security/cacert from my JRE (java-se-8u41/jre/lib/security/cacert) and then paste it in my eclipse e.g. /eclipse/plugins/org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_16.0.2.v20210721-1149/jre/lib/security (replace cacert of the eclipse by cacert of JRE)
Eclipse: Marketplace - unable to find valid certification path to requested target eclipse

Note: You may follow below step for exporting and importing certificates from Web Browser to cacerts.

How to export certificate from browse

  • Go to URL in your browser, click on the HTTPS certificate chain (little lock symbol next to URL address) to export the certificate. For Example:
PKIX…unable to find valid certification path to requested target eclipse
eclipse unable to find valid certification path to requested target
Click On "More Info" > "Security" > "Show Certificate" > "Details" > "Export" > "Copy to File".
PKIX…unable to find valid certification path to requested target - Fix
  • Save as .der

How to import certificates into cacerts

  • Import all *.der files into the cacerts file using the following:
> keytool -import -alias alias -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file maven_repository_cert.cer

Note: The default keystore password is 'changeit'

You can view the change that you made with this command that shows the Certificate fingerprint.

> keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
PKIX…unable to find valid certification path to requested target - Fix

Now, you will not get PKIX certification error during handshaking.

You may face this issue frequently, when you will try to access https resources and you have to import certificate from Web Browser to security/cacerts. Hence, keep handy all these steps.