I am facing an issue in my application when calling HTTPS services with CFHTTP we are using below versions:
ERROR I/O Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Server Product ColdFusion
Version 2018,0,19,330149
Edition Enterprise
Operating System UNIX
JAVA
java version “11.0.17” 2022-10-18 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.17+10-LTS-269)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.17+10-LTS-269, mixed mode
TOMCAT SERVER
Please let me know if any details required.
Thanks!
Without knowing what types of services you are calling, it can be difficult to diagnose the problem. However, I will try.
The error message tells me that Java is having trouble with finding a certification path. This tells us that the certification path is not in the Java key store.
My first guess would be that you are calling a self-hosted service that is using an internal certificate authority signed cert, or possibly a self-signed cert. Or possibly a cert from some obscure certificate authority that does not have a CA entry in the Java key store.
For any of the above issues, the answer is to load the cert of the CA or of the self-signed certificate into the Java key store. Note: this will require a restart of the ColdFusion server.
First, you need to obtain the needed certificates. Since I don't know what services you are calling, I cannot tell you where to get those.
Then you need to location your Java key store (cacerts) that ColdFusion uses. If you are using the built-in Java, you should find it in /jre/lib/security.
Finally, you need to load the cert into the key store, which you can do with the following command.
At a command prompt or terminal window navigate to the JRE /bin folder and run
As I mentioned above, you will need to restart ColdFusion before the new cert can be used in your calls.