SSL Connection To RAC Database Fails with sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (Doc ID 2167679.1)

Last updated on AUGUST 03, 2016

Applies to:

JDBC - Version 11.1.0.6 and later
Information in this document applies to any platform.

Symptoms

SSL has been enabled on WebLogic 10.3.6 using the steps in <Document:1638256.1> How To Configure Oracle JDBC Driver SSL With Oracle WebLogic Server. 
When trying to connect to a RAC database using SCAN, the JDBC connection fails with error:

<Jun 17, 2016 5:30:50 PM PDT> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "JDBC Data Source-STR": IO Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.>


Testing the SSL connection with the  standalone JDBC program JDBCSSLTester from <Document:762286.1>  End To End Examples of using SSL With Oracle's JDBC THIN Driver shows the same error:


]$ java -cp .:ojdbc6.jar:oraclepki.jar JDBCSSLTester test1.properties
Start: Wed Jun 22 05:35:21 PDT 2016
SQL Exception occurred:
java.sql.SQLRecoverableException: IO Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:467)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:546)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:236)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:157)
at JDBCSSLTester.getConnection(JDBCSSLTester.java:79)
at JDBCSSLTester.run(JDBCSSLTester.java:39)
at JDBCSSLTester.main(JDBCSSLTester.java:93)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at oracle.net.ns.Packet.send(Packet.java:403)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:198)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:293)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1102)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:320)
... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Properties used:


ERROR
-----------------------
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target



STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Enable SSL in WebLogic - JDBC connection.
2. Attempt a connection.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms