Handling “javax.net.ssl.SSLHandshakeException” in Java for AEM inter-server communication.
I was setting up one dispatcher flush agent in one of my publisher server to implement a real scenario. After entering values in all the required fields, when I click on the Test Connection on the result page it says “Replication test failed“
After looking into the stack trace I was surprised and clueless as the required certificate was present and active on my dispatcher server.
Stack trace:
Error while sending request: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
After doing some google, I came to know that though you have certificate present there on your application server and not expired as well, java(JRE) installed, on which your AEM instance is running, is not recognising because those certificates were self signed.
Now the question is, how to make java to trust the certificate?
Lets find out the answer
To make your Java Runtime Environment trust the certificate, you will have to import the certificate into the JRE certificate store.
Steps to import the certificate to the JRE certificate Store:
First, you need to download the certificate in your local machine after opening the site in any browser. Path for the certificate can be different in different browser. like in Chrome you can find it in, Chrome Customise →More Tools →Developer Tool →Security Tab → View Certificate button. Then drag the certificate in somewhere in your machine.
Or in Firefox you can find it at Option →Preferences → Privacy and Security Tab on the left side pane → then on Certificates option you will have View Certificates button → then on next window you can select the Export button → Save it somewhere in your machine with format type DER.
Second, You need to Upload the downloaded certificate on the server, on which AEM and Java are installed, with the help of Filezilla or Winscp or any-other tool available for the same purpose with appropriate permission.
Third, Import the certificates in the JRE store by running the below command
keytool -import -alias alias -keystore path-to-jre/lib/security/cacerts -file path-to-certificate-fileUsed One:keytool -import -alias dev-aem_server_name_com -keystore /app/temp/jdk/jdk1.8.0_191/jre/lib/security/cacerts -file /app/temp/certs/name_of_the_certifcate.crt
Once you enter the command you will be prompted to enter the password in my case I used the default password as changeit
Then again it will ask you to give your consent for Trust this certificate? press “y” as your consent.
After successful import you will get message like:
Now you are done with steps now it’s time to verify it.
In my case I was verifying the dispatcher flush agent and now it is giving
Replication test succeeded
Note: When I was doing this steps, My AEM instance was stoped. then I started it again after successful implementation.
Hope this will help.
