IDEA Ultimate 2016.3.4 throwing "unable to find valid certification path to requested target" when trying to refresh gradle
I've just downloaded IDEA Ultimate 2016.3.4 via the Toolbox application, and tried to import a new gradle project. When I try and refresh it I'm faced with "Error: Cause: unable to find valid certification path to requested target". I'm using IDEA behind a company proxy, however this has never been an issue before. I tried adding our certificates into IDEA and still came up empty. The only thing that has changed is that I upgraded from the community edition to the ultimate edition.
Has anyone encountered this before? Or have any guidance on what I can try next. I'm out of ideas.
Here is what came out in my logs
[ 10738] INFO - ibility.VersionMetadataUpdater - Failed to parse XML metadata
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.intellij.util.io.HttpRequests.openConnection(HttpRequests.java:484)
at com.intellij.util.io.HttpRequests.access$300(HttpRequests.java:57)
at com.intellij.util.io.HttpRequests$RequestImpl.getConnection(HttpRequests.java:278)
at com.intellij.util.io.HttpRequests$RequestImpl.getInputStream(HttpRequests.java:287)
at com.intellij.util.io.HttpRequests$RequestImpl.getReader(HttpRequests.java:305)
at com.intellij.util.io.HttpRequests$RequestImpl.getReader(HttpRequests.java:298)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3$1.process(VersionMetadataUpdater.java:92)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3$1.process(VersionMetadataUpdater.java:88)
at com.intellij.util.io.HttpRequests.doProcess(HttpRequests.java:413)
at com.intellij.util.io.HttpRequests.process(HttpRequests.java:390)
at com.intellij.util.io.HttpRequests.access$100(HttpRequests.java:57)
at com.intellij.util.io.HttpRequests$RequestBuilderImpl.connect(HttpRequests.java:252)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3.run(VersionMetadataUpdater.java:88)
at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:309)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Please sign in to leave a comment.
I modified the cacerts file based on my comment above (3/23/21) and everything was fine except now IntelliJ won't update because that file has been modified. So you should probably make a copy of the file before modifying it. I tried renaming my file, but IntelliJ still won't update because now the file is missing. I'm guessing my only recourse now is to uninstall IntelliJ and start over.
You may want to keep the modified copy outside of the IDE install location and use
-Djavax.net.ssl.trustStore=C:/somepath/keystore
-Djavax.net.ssl.trustStorePassword=changeit
in Help | Edit Custom VM Options.
This is still an issue after 5 years...
Please someone at jetbrains make the gradle download work like the rest of downloads and prompt for the untrusted cert with a "allow" button... just like in 90% of the other places where downloads are required (maven dependencies, db drivers, toolbox, etc...)
Also I have checked the box that says "accept non-trusted certificates automatically" and it's not being respected by the gradle download.
I now have to "hack" intelliJ to use a specific jdk, which will mess with auto updates using toolbox etc....
Serge Baranov
As you mentioned earlier https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584-IDEA-Ultimate-2016-3-4-throwing-unable-to-find-valid-certification-path-to-requested-target-when-trying-to-refresh-gradle?page=1#community_comment_115000405564
is a working solution, but also this solution brokes down IDEA's update.
Yexella
People have already reported that to our tracker: https://youtrack.jetbrains.com/issue/IDEA-281915
Feel free to leave additional comments in the issue.
To fix Rider on Windows 10:
I am currently running PhpStorm on a mac with the same problem but in the install path of PhpStorm I am not seeing a folder "jre64" or "jre32" or "jre" -> "lib" -> "security". Am I missing something I am using PhpStorm 2021.2.
Jay Murphy The folder is called jbr:
Can't believe but even after so many yrs, this problem is still persistent and Jay's solution around downloading the keystore from Chrome + updating IntelliJ's Maven and Gradle JDK to Jetbrains runtime version + restarting system worked for me.
Writing this in 2023, I can confirm that the solution provided by Jay and Sinno worked for me with IntelliJ IDEA 2022.3.3 (Ultimate Edition). My problem wasn't directly related to a Maven/Gradle-build but an IntelliJ-Plugin that stopped working. Also, my crt sits in a folder which path is "/jbr/lib/security"; note that it's not in "jre" but jbr. Thought I leave this here as a comment because at first I was afraid that it wouldn't work because I don't have a jre-folder but it works anyway!
I added zscalar cert to pycharm server certificates but still cannot access public endpoints from IDE. Code continue to below error
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
Chauhan Priyankaa You may want to ask your security team to exclude these resources from filtering.
Serge Baranov Am confused post zscalar install, if I can access these endpoints from browser then why cannot I access from IDE(pycharm) once I added zscalar cert
Chauhan Priyankaa What IDE version and OS do you use? Current release should be able to use the same certificates as installed on your system.
@Serge Baranov I use WebStorm 2023.2 Build #WS-232.8660.143, built on July 21, 2023 and DataGrip 2023.2 Build #DB-232.8660.111, built on July 19, 2023. I tried all the instructions, but Plugins (GitHub Copilot in particular) don't work.
I resolved the issue with DataGrip and Azure SQL Db data source by setting the data source's VM Options to -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT. After this, I was able to connect. But Copilot doesn't work whatever I try.
Iskomorokh Please contact https://github.com/community/community/discussions/categories/copilot-feedback for help.
Happening in IntelliJ IDEA 2023.1.5 (Ultimate Edition) again. Project is SpringBoot with Kotlin with JDK17. All the cacerts tips were for nothing.
Maven settings in IntelliJ showed: "Use settings from .mvn/maven.config with the following settings":
-Dmaven.wagon.http.ssl.insecure=true
-Dmaven.wagon.http.ssl.allowall=true
-Dmaven.wagon.http.ssl.ignore.validity.dates=true
Unfortunately, that file resided not in .mvn, but in %userprofile%/.mvn. Copied the file into the project and then PKIX shit went away.
Also, I added
-Dmaven.resolver.transport=wagon
for good measure.
Holy crap, half the planet ist chasing certificates half of their working time.
Added the certificates in all my jdks and still to no avail. IT is broken dudes.
Stephan Avigue Do you get this error when using Gradle? Please contact support with more details so that we can help you.
7 years later and Jay's solution still works. incredible stuff, thanks jay!