amazon web services - How to solve the connection when install aws toolkit on eclipse Neon?

Question

I am in a company, and need set proxy to connect to the Internet. The proxy setting is ok, because I can connect to other website, e.g. Neon - http://download.eclipse.org/releases/neon, but not for http://aws.amazon.com/eclipse.

The error message is:

Unable to read repository at https://aws.amazon.com/eclipse/content.xml. Unable to read repository at https://aws.amazon.com/eclipse/content.xml. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

The specific stack is:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554) at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435) at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216) at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:394) at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263) at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 20 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 26 more

Answer 1

This is because java is not recognizing root certificate authority (CA) SSL certificate of https://aws.amazon.com.

Solution is to add that certificate to java cacerts file so that it got permanently accepted.

Step 1 : Get root certificate of https://aws.amazon.com

CHROME BROWSER

1. Open https://aws.amazon.com
2. Select Inspect from context menu(right clicking on page) and navigate to security tab
3. Click on view certificates
4. Click on top most certificate on hierarchy and confirm it is tailed with Root CA phrase.
5. drag and drop that image which you saw written certificate on desktop.

FIREFOX BROWSER

1. Open https://aws.amazon.com
2. click on the green lock button "show certificate"
3. tab "details", "export"

Thats it! you got your root certificate!

Step 2 : Get that certificate added to java cacerts file.

1. use keytool.exe inside your jre bin folder.
2. fire following command to place your certificate inside cacerts file

keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit

That is it! you got your problem resolved.

PLEASE NOTE

1. Do confirm that the jre which is giving you this PKIX error(JRE used by eclipse or your app after deployment) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.