I am working on STS and while creating a new spring-boot project, it shows following error:
SunCertPathBuilderException: unable to find valid certification path to requested target since it access as a service URL.
I am working in a corporate network and they have their own certificates and security rules. I looked into web but could not find any clear solution for STS. How should I add certification path in STS for given URL. Any help is appreciated.
111 Answers
I encountered the same problem and tried this: Window -> Preferences -> Network Connections Change mode to Manual
It works fine now.
1It would seem like the http now gets redirected to https. So changing https to http may not work. I am barely familiar with digital certificates. However, I have simply listed what I had to do to get it to work for me. This is perhaps what @Strelok has suggested.
I am on Windows 10 and JDK 1.8.0_144 64bit. I am also behind a corporate proxy. I did the following to get it to work for me. If you are in a similar situation it may work for you.
Export the corporate certificate (There may be other easier ways of doing this)
- On Chrome, I went to
- On the location bar clicked on the 'Lock' symbol next to https.
- Selected 'Certificate(Valid)' on the ensuing pop-up.
- On the resulting dialog box, clicked on the 'Certificate Path' tab, from under certificate path tree selected the root node, and then clicked on 'View Certificate'
- On the resulting dialog box, clicked on the 'Details' tab and then clicked on 'Copy to File'
- This brings up the 'Export wizard', clicked on 'Next'.
- Left the certificate format to default 'DER encoded..', clicked on 'Next'.
- Provided file name (.cer extension) for the certificate.
- Clicked Finish.
The above steps exported a certificate to a file that I imported into truststore (cacerts).
To import
- Opened a 'Command' prompt as Administrator to import the certificate
- Went to bin directory of Java installation (this step is not needed if jre/bin is in your path)
Ran the following:
C:\Program Files\Java\jre1.8.0_144\bin>keytool -importcert -alias your-alias -keystore "C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts" -storepass changeit -file C:\certificate-file-location\saved-certificate-file.cer
(Substitute your java location, certificate file location and certificate file name as appropriate. The 'storepass' should be 'changeit'.)
Restarted STS
1The simplest solution is to install your corporate certificate into the cacerts keystore of the JDK.
<JAVA_HOME>/bin/keytool -import -alias CorpProxy -keystore <JAVA_HOME>/jre/lib/security/cacerts -file your_corp_cert.crt You will be prompted for the keystore password which is changeit by default.
Try http instead of https in the URL
The following error will be resolved "SunCertPathBuilderException: unable to find valid certification path to requested target"
6In the case if none of above work, try below steps. It works fine for me as I was also working under corporate network, had same issue.
- Close STS tool if open.
- Locate STS.ini file (mostly where you have installed STS tool and have STS.exe)
Edit STS.ini. Add following two line at the bottom (Use your JDK location, below one is just a sample)
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.8.0_20\jre\lib\security\cacerts
-Djava.net.ssl.trustStorePassword=changeit
Save STS.ini and restart the STS.exe.
It works in my case. Thank you.
3The best thing to do in this case is open in browser and
and fill in your project name in Artifact field and your project base package in Group field click on
Generate project button
that will download your-project-name.zip file into your downloads folder . now extract this file into your sts workspace or anywhere you like .
now import the project in STS as Existing maven project
You are done
Adding below to eclipse.ini
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.8.0_20\jre\lib\security\cacerts -Djava.net.ssl.trustStorePassword=changeit worked for me.
I was able to resolve the issue following two steps.
- Firstly I imported certificate present on into the jdk cacerts.
Atlast I added the path of TrustStore and trustStore password in SpringToolSuite4.ini file.
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts
-Djava.net.ssl.trustStorePassword=changeit
This issue happened to a colleague of mine who was unable to open on his browser as well as unable to create new projects on STS. We were trying to use all of the above solutions but none of them worked.
The last resort we tried was to clear the browser settings of your daily-use browser by:
Ctrl+Shift+Del- Clear / Delete all settings, mainly Cookies & other site data and Cached Images & Files (Browsing History & password can be exempted)
- Re-open the Browser. [Close and open the browser]
- Go to & you will be able to open up Spring Initializer site as well as Make a new Spring Starter project from STS. (Don't know if the problem occurs with IntelliJ, but you can give it a try by following all the steps).
I solved the issue by importing the SSL certificate into the CACERTS file.
However it should be noted, that Eclipse/ STS by default uses its own JRE (in its plugins folder) such as ::
(STS--RELEASE)\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_16.0.2.v20210721-1149\jre\lib\security\cacerts
In Corporate Network, you may not have admin rights to import to cacerts file. The below steps helps to use STS in corporate network without admin privileges
Know your %userprofile% directory
- Start -> Run
- type
%userprofile%and hit enter - This opens a folder for which you may have write access. Note the path
Export the corporate proxy certificate
- On Chrome, go to
- On the location bar click on the 'Lock' symbol next to https.
- Select 'Certificate(Valid)' on the ensuing pop-up.
- On the resulting dialog box, click on the 'Certificate Path' tab, from under certificate path tree select the root node, and then click on 'View Certificate'
- On the resulting dialog box, click on the 'Details' tab and then click on 'Copy to File'
- This brings up the 'Export wizard', click on 'Next'.
- Leave the certificate format to default 'DER encoded..', click on 'Next'.
- Provide
CorpRootCA.ceras file name for the certificate and save in%userprofile%/cacertsfolder. You may have to create thecacertsfolder in your%userprofile% - Click Finish
Identify the JRE Path used by STS
Copy cacerts file
- Goto the jre location from Installed JRE in explorer
- Goto
lib/securityand copy thecacertsfile - Goto
%userprofile%/cacertsand paste it inside the director
Adding corporate proxy certificate using keytool
- Goto the jre location from Installed JRE in explorer
- Type
cmdin the url bar to open command prompt at the location ./bin/keytool -import -alias CorpProxy -keystore %userprofile%/cacerts/cacerts -file %userprofile%/cacerts/CorpRootCA.cer -storepass changeit
The 'storepass' should be 'changeit' which is the default password. If changed use the correct storepass
Making STS point to new certstore
- Open the folder which contains the SpringToolSuite executable
- There will be a configuration file with same file as executable. In my case it was
SpringToolSuite4.ini. Open the file - Append the below lines after changing the
%userprofileto match the user's directory. UpdatetrustStorePasswordas required.changeitis the default value
-Djavax.net.ssl.trustStore=%userprofile%\cacerts\cacerts -Djava.net.ssl.trustStorePassword=changeit
- Restart STS and it should no longer throw
SunCertPathBuilderException: unable to find valid certification path to requested target

