IDEA Ultimate 2016.3.4 throwing "unable to find valid certification path to requested target" when trying to refresh gradle
I've just downloaded IDEA Ultimate 2016.3.4 via the Toolbox application, and tried to import a new gradle project. When I try and refresh it I'm faced with "Error: Cause: unable to find valid certification path to requested target". I'm using IDEA behind a company proxy, however this has never been an issue before. I tried adding our certificates into IDEA and still came up empty. The only thing that has changed is that I upgraded from the community edition to the ultimate edition.
Has anyone encountered this before? Or have any guidance on what I can try next. I'm out of ideas.
Here is what came out in my logs
[ 10738] INFO - ibility.VersionMetadataUpdater - Failed to parse XML metadata
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.intellij.util.io.HttpRequests.openConnection(HttpRequests.java:484)
at com.intellij.util.io.HttpRequests.access$300(HttpRequests.java:57)
at com.intellij.util.io.HttpRequests$RequestImpl.getConnection(HttpRequests.java:278)
at com.intellij.util.io.HttpRequests$RequestImpl.getInputStream(HttpRequests.java:287)
at com.intellij.util.io.HttpRequests$RequestImpl.getReader(HttpRequests.java:305)
at com.intellij.util.io.HttpRequests$RequestImpl.getReader(HttpRequests.java:298)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3$1.process(VersionMetadataUpdater.java:92)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3$1.process(VersionMetadataUpdater.java:88)
at com.intellij.util.io.HttpRequests.doProcess(HttpRequests.java:413)
at com.intellij.util.io.HttpRequests.process(HttpRequests.java:390)
at com.intellij.util.io.HttpRequests.access$100(HttpRequests.java:57)
at com.intellij.util.io.HttpRequests$RequestBuilderImpl.connect(HttpRequests.java:252)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3.run(VersionMetadataUpdater.java:88)
at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:309)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Please sign in to leave a comment.
The issue was submitted to support and closed with the following comment:
> it turns out this was not an IDEA issue. This was a gradle wrapper issue that was manifesting itself through IDEA. Our networking guys are messing with something. I'm sorry to waste your time.
@Serge Baranov
Eh, this is a Jetbrains/IDEA issue. Despite being able to pick the gradle wrapper's Java installation, the grabbing of the wrapper is still done with the JRE which the IDE is currently using... Preventing the wrapper from even starting. It should prompt to trust the certificate like everywhere else in the IDE but it does not. In the interim I have posted instructions to fix this for those who need it. (This issue persists in 2017.2.1)
@Nisarg @Sebas Panikulam @David Edwards
Just import your proxy's certificate into all utilized instances of "cacerts" keystores.
Still encountering this issue in 2020.3.2, tried Jay's solution but didn't manage to make it work.
I also think something's quite unclear about his explaination:
"In a browser, navigate to "https://www.google.com" hit F12, go to certificates/security and..."
This procedure gets you the certificate used by the site you're on, I can't find a way to download a 'personal' certificate since you can't F12 (or click on the lock icon etc etc) if not on a site.
"In a terminal, navigate to your Jetbrains installation (whichever IDE it is doesn't matter). Inside of the base folder navigate to the folder "jre64" or "jre32" or "jre" -> "lib" -> "security""
I only have a 'jbr' folder, I tried with that one
"Copy over MyCertificate.cer into the security folder. (mv /tmp/MyCertificate.cer)"
What's up with the path between brackets? Should I copy the file into 'security' or I have to create two more folders?
I added the certs into the keystore, however, I still encountered the issue.
Here is an extra step that worked for me, so passing it on with hope that it'll help someone else.
From within Intellij, go to Maven Settings -> Importing
Look at the selected path in the "JDK for importer".
I had it to "User Internal JRE".
I changed it to "Use JAVA_HOME (xxxx)"
Click Apply.
Do Maven "re-import".
Good luck.
Any idea what was the fix?
Hi
I am having the same issue...any idea if it is fixed already or any work around ?
I tried the solution suggested and still ran into a problem. I do think the suggested/accepted solution will work but I had another problem in that IntelliJ also needed to make a TLSv1.2 connection to download a maven artifact.
The solution I came across through some trial and error was to edit the IntelliJ VM Options. I'm using IntelliJ Ultimate 2017.3 with the Maven 3 (builtin) so my instructions are based on that version and configuration of Maven.
Step 1: Create a file that you can modify. Inside IntelliJ, select Help | Edit Custom VM Options... Doing this will create a file you can add options to. In my case the file was $HOME/.IntelliJIdea2017.3/config/idea64.vmoptions.
Step 2: I then added the following options to that file:
-Djava.net.ssl.trustStore=$HOME/certs/mytrust.jks
-Djava.net.ssl.trustStoreType=jks
-Djava.net.ssl.trustStorePassword=WHATEVER-IT-IS
-Dhttps.protocols=TLSv1.2
Step 3: Restart IntelliJ so it starts with those options. NOTE: I edited the idea.sh script to verify that these options were being passed to the Java command that was starting IntelliJ.
After making these changes, IntelliJ could download files from the Maven Repo I was using.
Just FYI, the way I got this to work from the Unix command line was to set
export MAVEN_OPTS="-Dmaven.wagon.https.ssl.insecure=true -Dmaven.wagon.https.ssl.allowall=true"
prior to running mvn.
Since I don't know how IntelliJ implements the Maven3 builtin, I'm not sure if those options are "used" or not. They were used by Maven 3.0.5 that was installed (outside of IntelliJ).
@Duffymo, I followed Jay's steps and have the same error with you. It took me a whole day to fix it.
Solution: In Jay's step, "get the top most certificate", top most is very import. I think I dumped out the wrong certificate in the beginning.
I was using Chrome browser, click the lock icon at left address link, it will pop out a certificate dialog. On the detail tab, there is a copy to file button which can dump out a certificate. Attention, this is a wrong way, DO NOT click this button to dump. There is also a certificate path tab on that dialog, click it, and choose the top most certificate, and click view certificate button, a dialog will pop out, and then dump out that certificate. It will work.
It is a little bit complicated, wish it will help you.
This is also a problem wtih 2020.1. The upgrade doesn't copy over the VM arguments from the Build Tools/Maven/Runner settings, so you have to set them again. Of course, it's probably been more than a year since you've set them the first time, and have probably forgotten about them, but you have to "-Djavax.net.ssl.trustStore="c:\Program Files\java\jdk8\jre\lib\security\cacerts"", assuming you installed Java to the default location on Windows.
Make sure JVM configured to run Maven and Gradle from IntelliJ IDEA has all the certificates added to the keystore: https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584-IDEA-Ultimate-2016-3-4-throwing-unable-to-find-valid-certification-path-to-requested-target-when-trying-to-refresh-gradle?page=1#community_comment_115000405564.
In which keystore did you install the certificate?
@Jay
Thank you very much for saving my nerves with your solution!
@Serge Baranov
Please communicate the issue to the developer team
Thanks :)
After breaking my head for a long time, found this and this resolved my issue.
You my friend deserve a medal! for clear description alone
I downloaded the Kotlin JKid project and tried to build it.
I got the following error:
Error:Cause: unable to find valid certification path to requested target
Google found this page for me. I followed the instructions above, but 2017.2.5 is still showing that error when I try to refresh a Gradle.
I also manually added the certificate file using Tools->Server Certificates.
I restarted IntelliJ after each attempt.
No joy. Any more advice?
@Duffymo, have same problem? but with 2018.2.2 should i add top cert of my proxy, or of bintray.com?
@Leon Ren it's right, you have to get the right certificate, apply it to all your java installations just in case and then restart your windows.
Thank you guys! I would have never solved this on my own!!!
@Jay
Thank you, it worked!
@Jay
Thanks for clear clarification. You saved my day.
Jay
Thank you so much. Years later, and you're still saving people's days. Why is Jetbrains not fixing this?
try this Intellij > Preferences > Build,Execution,Deployment > Build Tools > Maven > Runner > Delegate IDE build/run actions to Maven. then Rebuild your project
https://intellij-support.jetbrains.com/hc/en-us/profiles/1084050104-Jay
Jay's solution finally solved my problem. I had been Googling for a whole afternoon before I got here. Thank you so much, Jay.
However, IDEA had been working well on my laptop for almost a year before the certificate problem started to happen 2 weeks ago.
Since I didn't change anything on my computer, I think the Symantec should be the culprit --- it is remotely controlled by the IT team and I think they must have changed some configuration.
Anyway, thank you very much, Jay.
I get a similar error even after following Jay's solution.
:::: ERRORS
Server access Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target url=https://repo1.maven.org/maven2/org/scala-sbt/sbt/0.13.9/sbt-0.13.9.pom
Any ideas?
I did the whole process again but this time I downloaded the root certificate from the browser instead of using step 1 of Jay's answer. This time it works but I am not sure this was the reason, just in case it can help someone.
> This procedure gets you the certificate used by the site you're on, I can't find a way to download a 'personal' certificate since you can't F12 (or click on the lock icon etc etc) if not on a site.
Please try to export a top-level certificate as per https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584/comments/360000110684 .
Version 2020.3 and this still hasn't been solved. I have the corporate cert added via the GUI: Preferences > Tools > Server Certificates. That should be enough. IntelliJ should be adding the cert to both the GUI store and its JRE store if it can bother to trust the OS.
For those of you on a Mac using the JetBrains JRE try this:
That solved the problem for me. Your IT departments should be able to provide you with the cert file you'll need.
Hi, I have downloaded Intelli-J IDEA community version from the website https://www.jetbrains.com/idea/download/#section=windows.
I have also downloaded illuminated cloud 2 plugin in intell-J IDE. But I keep getting "unable to find valid certification path to requested target" error and not able to find a solution. Please refer to the below screenshot.
I have tried the above mentioned solution by Jay.
- I downloaded the top most certificate and put it inside C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2020.3.2\jbr\lib\security folder.
Note: I could only find /jbr/lib/Security since I cant find "jre" -> "lib" -> "security"".
Please help me to resolve this issue. I appreciate your support.
Thanks,
Khushbu
Please see https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584-IDEA-Ultimate-2016-3-4-throwing-unable-to-find-valid-certification-path-to-requested-target-when-trying-to-refresh-gradle?page=1#community_comment_115000405564.
I did all the steps mentioned in the comment. Added MyCertificate to the keystore of java and JetBrains JRE but no luck. Still get the same error.
I modified the cacerts file based on my comment above (3/23/21) and everything was fine except now IntelliJ won't update because that file has been modified. So you should probably make a copy of the file before modifying it. I tried renaming my file, but IntelliJ still won't update because now the file is missing. I'm guessing my only recourse now is to uninstall IntelliJ and start over.