I am trying to load some triples from URLs into GraphDB 9.1.1. I have done that in the past without any problem, using the web based Workbench, or via the rest/data/import/upload/<repository>/url endpoint.
An exmple URL is https://bitbucket.org/uamsdbmi/dron/raw/master/dron-full.owl
When I tried loading triples today, I get
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have GraphDB 9.5.0 running on my laptop and can load triples from URLs there. I may not necessarily have implemented all of the same security measures that my scientific computing department uses on their servers.
Partially in response to the answer from A'B, the enterprise server is using
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
and my laptop is using
openjdk version "1.8.0_265"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_265-b01)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.265-b01, mixed mode)
sun.security.provider.certpath.SunCertPathBuilderException are usually caused by missing intermediate SSL certificates: you may want to cross-check your URLs using https://www.ssllabs.com/ssltest/analyze.html.
If that is actually the case, your options are:
-Dcom.sun.security.enableAIAcaIssuers=true
keytool along the following lines (copied from old notes, your mileage may vary…), making sure to target the JRE installation used by GraphDB: sudo $JAVA_HOME/bin/keytool \
-import -alias "{your alias here}" -file {public certificate here}.crt \
-keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit