Thursday, November 4, 2010

Certificate Exception in Google Data API Authentication


You are running the Google Data API samples for the first time and got the following exception-
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It’s definitely SSL certificate error, but it took me a while to figure out the actual cause and the resolution. So thought to share the finding. As we all do :-), I did Google and got this site helpful- http://www.java-samples.com/showtutorial.php?tutorialid=210 it explains a generic solution to this problem.

To resolve this Google Data API connection error, you need to import Google Server certificate into your JDK Keystore. Data API does authentication using following URL- https://www.google.com/accounts/AuthSubRequest

To get the certificate, access https://www.google.com/accounts/AuthSubRequest from your browser (IE)
At the bottom right corner of IE, you can find the SSL icon-
 
Double click the SSL icon and copy the certificate into file (in DER encoded binary X.509 (.cer) format). Save the certificate say as c:\google_auth.cer

Now import this certificate into JDK Keystore ([JDK_INSTALL_PATH]\jre\lib\security\cacerts) using keytool command-
keytool -import -alias google -keystore "[JDK_INSTALL_PATH]\jre\lib\security\cacerts" -file c:\google_auth.cer
-Password: changeit

Sample output-

Note the MD5 from the above output.

You can now validate whether this certificate has been added to the JDK keystore. To do that, display the list of registered certificates using,
keytool -list -keystore "C:\Program Files\Java\jdk1.5.0_22\jre\lib\security\cacerts"
-Password: changeit
Check whether you can find the MD5 (noted in the above step) in the displayed list of registered certificates. If you find the match, this indicates, Google Authentication SSL certificate has been successfully added to JDK Keystore.

Now, try again that sample application. It should be able to do the authentication successfully. Hope this helps.

Posted by at
Labels:

1 comment:

  1. AnonymousJuly 30, 2011 at 10:29 AM

    Thank you for posting this, the solution you provided was very helpful and detailed!!

    ReplyDelete

Subscribe to: Post Comments (Atom)