HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

I switched all my Java Glassfish webservices to SSL, because I wanted to have an encrypted communication between me and my clients. Until then, all my applications worked flawlessly over the HTTP protocol, but now, after switching to SSL, I got the following error:

HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

That means, the client doesn’t have the certificate and cannot check response against the server certificate. The most simple solution is to export the certificate from the webserver server and import it on the webservice client.

This can be done in 2 simple steps:

keytool -exportcert -alias s1as -keystore /home/user/glassfish/domains/domain1/config/cacerts.jks > domain1.cert

Now copy the domain1.cert on the client and import it:

keytool -importcert -alias domain2 -keystore /home/user/glassfish/domains/domain1/config/cacerts.jks -file domain1.cert


Restart your webservice client (it seems the certificates are read only at start) and your application should work.

My problem was between to Glassfish server and my another Glassfish clients, but the solution explained here, should easily work on JBOSS, Tomcat or any other Java Application Containers.

Do you know another solution? I presume you can ignore the signature check somehow … Anyway, please comment about that.

Good Luck in your projects!