
#350 SSL/TLS error prevented download of tile

open
nobody
None
1
2021-02-10
2021-02-10
rtfm
No

I get the following error when accessing the WMS server:

ERROR - SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
WARN - SSL/TLS error prevented download of tile 10/535/362@<snip/>: <snip/>: java.security.cert.CertificateException: Untrusted certificate encountered: publicKeyHash="<snip/>"; certificate issued for <snip/>

I suspect a java keystore problem, but cannot find which keystore is involved.
The certificate chain is valid: I can fetch tiles with Firefox and check that the certificates are trusted.

java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)

Running Linux Mint 20.1

Discussion

  • r_x

    r_x - 2021-02-10

    Some servers are configured wrong, and even if the root CA certificate is trusted they forget to send the intermediate certificates. Firefox is kind enough to provide its own large intermediate CA store to fix such problems. Java does not provide such a service to correct defective HTTPS servers.

    Another possible reason is that Firefox has its own trusted root CA list. Java on Linux does (as far as I know) use the trust list of the OS.

    Most likely this is the problem.
    You can test the server regarding SSL/TLS problems: https://www.ssllabs.com/ssltest/

     

    Last edit: r_x 2021-02-10
  • rtfm

    rtfm - 2021-02-10

    Checking the server with the URL you provided returns an A grade for all 4 IPs.
    So it is not the certificate chain itself.

     
  • rtfm

    rtfm - 2021-02-10

    An interesting point is that using OpenJDK avoids the problem:

    openjdk version "11.0.10" 2021-01-19
    OpenJDK Runtime Environment (build 11.0.10+9-Ubuntu-0ubuntu1.20.04)
    OpenJDK 64-Bit Server VM (build 11.0.10+9-Ubuntu-0ubuntu1.20.04, mixed mode, sharing)
    
     
    • r_x

      r_x - 2021-02-10

      The grade of the server is not relevant. Look at the detailed result, especially the cert chain.

      You are on Linux and you use SunJRE!?

      OpenJDK is IMHO at the moment the most preferred Java version to use. SunJRE is dead because of license restrictions and Java 8 is getting a bit old.
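
To answer the "which keystore is involved" question from the ticket, the following added example (not part of the original thread and not the application's own code) prints the trust store file the running JVM resolves by the JSSE default lookup order and lists the root CAs it accepts. It assumes the application relies on the JVM's default trust store, which the page does not confirm; the class name `TrustStoreReport` and the optional name-filter argument are hypothetical.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: report which trust store this JVM uses and what it trusts.
public class TrustStoreReport {
    // JSSE default lookup order: the javax.net.ssl.trustStore property,
    // then <java.home>/lib/security/jssecacerts, then .../cacerts.
    static File resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File store = resolveTrustStore();
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + store);
        // A differing canonical path means the file is a symlink to a store
        // maintained outside this Java installation.
        if (store.exists()) System.out.println("resolves to : " + store.getCanonicalPath());

        // Ask JSSE itself which roots the default trust manager accepts.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the JVM default trust store
        // Optional argument: part of a CA name to search for (case-insensitive).
        String needle = args.length > 0 ? args[0].toLowerCase() : null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            X509Certificate[] roots = ((X509TrustManager) tm).getAcceptedIssuers();
            System.out.println("trusted CAs : " + roots.length);
            for (X509Certificate ca : roots) {
                String dn = ca.getSubjectX500Principal().getName();
                if (needle != null && dn.toLowerCase().contains(needle))
                    System.out.println("  match: " + dn + " (expires " + ca.getNotAfter() + ")");
            }
        }
    }
}
```

Running it once under each installed Java runtime, with part of the server's root CA name as the argument, shows whether the two runtimes read different stores and whether the root is missing from one of them.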

       
