I have a web application that uses Google reCAPTCHA V2. It works fine in GlassFish 5.0 with JDK 1.8.0_144 and also in WildFly 14 with JDK 1.8.0_231. I deployed it to a GlassFish 5.1 server with JDK 1.8.0_231. Site verification fails with the following exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I understand that a required certificate is missing. That certificate is present in the cacerts.jks file of 5.0 but missing in 5.1. Listing their content with keytool, I could see that the cacerts.jks file of version 5.0 has 76 certificates, while the file of version 5.1 has only 2 (glassfish-instance and s1as). Replacing the cacerts.jks file of 5.1 with the file of 5.0 my application works just fine in 5.1.
I couldn't find any information about a required certificate in Google reCAPTCHA's web page. How do I identify and get the required certificate?
I've found a solution. This is it:
keytool -import -file recaptcha.cer -alias recaptcha -keystore GLASSFISH_HOME/glassfish/domains/domain1/config/cacerts.jks -storepass changeit. The keytool.exe file is located at JAVA_HOME/bin.I hope this helps another fellow programmer with no certificate experience.
Warning: the certificate is only valid for about 3 months; The one I got is valid until next January 2. It seems that this procedure will have to be repeated periodically.
EDIT 11/13/2019: This solution worked only for a few days, although the certificate claims to be valid until January. I obtained another certificate and repeated the procedure, but this time it did not work. So I really haven't found a solution yet.