I'm currently representing a colleague on vacation. One of the applications he was in charge of has been reporting the following error for a few days.
Error: IOException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I did some research and found out that it might be related to a self-signed certificate which is not found in the trust store.
But since I haven't changed anything and everything worked fine before, can it be that the certificate has expired? Can an expired certificate produce such an error message? If so, can I somehow determine the expiration date from a key store file?
It doesn't look like an expired certificate. Based on this question the expired certificate should produced CertPathValidatorException: timestamp check failed message e.g.
qtp1735121130-17, handling exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: timestamp check failed
You can take a look at How to Analyze Java SSL Errors article to see what else can you do, it boils down to using -Djava.net.debug option and analyzing logs.
I'd start by comparing the self-signed certification in trust store against the one that is actually used on the environment. Self-signed certificates are easy to issue, perhaps someone has issued a new version.