IDEA Ultimate 2016.3.4 throwing "unable to find valid certification path to requested target" when trying to refresh gradle

已回答

I've just downloaded IDEA Ultimate 2016.3.4 via the Toolbox application, and tried to import a new gradle project. When I try and refresh it I'm faced with "Error: Cause: unable to find valid certification path to requested target". I'm using IDEA behind a company proxy, however this has never been an issue before. I tried adding our certificates into IDEA and still came up empty. The only thing that has changed is that I upgraded from the community edition to the ultimate edition.

Has anyone encountered this before? Or have any guidance on what I can try next. I'm out of ideas.

 

Here is what came out in my logs

[ 10738] INFO - ibility.VersionMetadataUpdater - Failed to parse XML metadata
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.intellij.util.io.HttpRequests.openConnection(HttpRequests.java:484)
at com.intellij.util.io.HttpRequests.access$300(HttpRequests.java:57)
at com.intellij.util.io.HttpRequests$RequestImpl.getConnection(HttpRequests.java:278)
at com.intellij.util.io.HttpRequests$RequestImpl.getInputStream(HttpRequests.java:287)
at com.intellij.util.io.HttpRequests$RequestImpl.getReader(HttpRequests.java:305)
at com.intellij.util.io.HttpRequests$RequestImpl.getReader(HttpRequests.java:298)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3$1.process(VersionMetadataUpdater.java:92)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3$1.process(VersionMetadataUpdater.java:88)
at com.intellij.util.io.HttpRequests.doProcess(HttpRequests.java:413)
at com.intellij.util.io.HttpRequests.process(HttpRequests.java:390)
at com.intellij.util.io.HttpRequests.access$100(HttpRequests.java:57)
at com.intellij.util.io.HttpRequests$RequestBuilderImpl.connect(HttpRequests.java:252)
at com.android.tools.idea.gradle.project.compatibility.VersionMetadataUpdater$3.run(VersionMetadataUpdater.java:88)
at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:309)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

1

I modified the cacerts file based on my comment above (3/23/21) and everything was fine except now IntelliJ won't update because that file has been modified. So you should probably make a copy of the file before modifying it. I tried renaming my file, but IntelliJ still won't update because now the file is missing. I'm guessing my only recourse now is to uninstall IntelliJ and start over.

0

You may want to keep the modified copy outside of the IDE install location and use

-Djavax.net.ssl.trustStore=C:/somepath/keystore
-Djavax.net.ssl.trustStorePassword=changeit

in Help | Edit Custom VM Options.

0

This is still an issue after 5 years...

Please someone at jetbrains make the gradle download work like the rest of downloads and prompt for the untrusted cert with a "allow" button... just like in 90% of the other places where downloads are required (maven dependencies, db drivers, toolbox, etc...)

Also I have checked the box that says "accept non-trusted certificates automatically" and it's not being respected by the gradle download.

I now have to "hack" intelliJ to use a specific jdk, which will mess with auto updates using toolbox etc....

0

Serge Baranov

As you mentioned earlier https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584-IDEA-Ultimate-2016-3-4-throwing-unable-to-find-valid-certification-path-to-requested-target-when-trying-to-refresh-gradle?page=1#community_comment_115000405564

is a working solution, but also this solution brokes down IDEA's update.

I think it should be the option to force update this cacerts, because we don't have another mechanism by now and it's ok to add certs again after update.
0

Yexella

People have already reported that to our tracker: https://youtrack.jetbrains.com/issue/IDEA-281915

Feel free to leave additional comments in the issue.

0

To fix Rider on Windows 10:

  1. In Chrome, navigate to "https://www.google.com"
  2. Hit F12, go to the "Security" tab
  3. Click View Certificate
  4. Go to the Details tab
  5. Click Copy to File..., click Next
  6. Chose base64-encoded, click Next
  7. Enter filename (with .cer extension)
  8. Click Next, click Finish
  9. Launch Rider, go to File -> Settings..., then find Tools -> Server Certificates
  10. Click the "+" button, find the file you exported, and click "Open"
  11. Click Save. You may need to restart the IDE.
0

I am currently running PhpStorm on a mac with the same problem but in the install path of PhpStorm I am not seeing a  folder "jre64" or "jre32" or "jre" -> "lib" -> "security". Am I missing something I am using PhpStorm 2021.2.

0

Jay Murphy The folder is called jbr:

/Applications/<product name>.app/Contents/jbr/lib/security/cacerts
0

Can't believe but even after so many yrs, this problem is still persistent and Jay's solution around downloading the keystore from Chrome + updating IntelliJ's Maven and Gradle JDK to Jetbrains runtime version + restarting system worked for me.

0

Writing this in 2023, I can confirm that the solution provided by Jay and Sinno worked for me with IntelliJ IDEA 2022.3.3 (Ultimate Edition). My problem wasn't directly related to a Maven/Gradle-build but an IntelliJ-Plugin that stopped working. Also, my crt sits in a folder which path is "/jbr/lib/security"; note that it's not in "jre" but jbr. Thought I leave this here as a comment because at first I was afraid that it wouldn't work because I don't have a jre-folder but it works anyway! 

0

I added zscalar cert to pycharm server certificates but still cannot access public endpoints from IDE. Code continue to below error

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

0

Chauhan Priyankaa You may want to ask your security team to exclude these resources from filtering.

0

Serge Baranov Am confused post zscalar install, if I can access these endpoints from browser then why cannot I access from IDE(pycharm) once I added zscalar cert

 

0

Chauhan Priyankaa What IDE version and OS do you use? Current release should be able to use the same certificates as installed on your system.

0

@Serge Baranov I use WebStorm 2023.2 Build #WS-232.8660.143, built on July 21, 2023 and DataGrip 2023.2 Build #DB-232.8660.111, built on July 19, 2023. I tried all the instructions, but Plugins (GitHub Copilot in particular) don't work.

I resolved the issue with DataGrip and Azure SQL Db data source by setting the data source's VM Options to -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT. After this, I was able to connect. But Copilot doesn't work whatever I try.

0

Happening in IntelliJ IDEA 2023.1.5 (Ultimate Edition) again. Project is SpringBoot with Kotlin with JDK17. All the cacerts tips were for nothing. 

Maven settings in IntelliJ showed: "Use settings from .mvn/maven.config with the following settings": 

-Dmaven.wagon.http.ssl.insecure=true
-Dmaven.wagon.http.ssl.allowall=true
-Dmaven.wagon.http.ssl.ignore.validity.dates=true

 

Unfortunately, that file resided not in .mvn, but in %userprofile%/.mvn. Copied the file into the project and then PKIX shit went away.

Also, I added 

-Dmaven.resolver.transport=wagon

for good measure.

0

Holy crap, half the planet ist chasing certificates half of their working time. 

Added the certificates in all my jdks and still to no avail. IT is broken dudes. 

0

Stephan Avigue Do you get this error when using Gradle? Please contact support with more details so that we can help you.

0

7 years later and Jay's solution still works. incredible stuff, thanks jay! 

0

请先登录再写评论。