PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException about spring-boot-admin HOT 4 CLOSED

Hi,

this sounds like a general issue in setting up self-signed certificates in Java context. Make sure that the JRE/JDK you are using has imported the self-signed p12 certificate into its cacerts file by running keytool:

keytool -v -importkeystore -srckeystore localhost-ssl.p12 -srcstoretype PKCS12 -destkeystore "<path to your jdk/jre>/lib/security/cacerts" -deststoretype JKS

Cheers,
SteKoe

from spring-boot-admin.

Hi @SteKoe ,

I have imported the self-signed p12 certificate into its cacerts file. But his also, doesn't resolved the issue and now throwing warning

[2024-03-21 12:58:43.843] [,] [WARN ] [ 153] [ApplicationRegistrator ]: Failed to register application as Application(name=sample-service, managementUrl=https://127.0.0.1:8080/sample/actuator, healthUrl=https://127.0.0.1:8080/sample/actuator/health, serviceUrl=https://127.0.0.1:8080/sample) at spring-boot-admin ([https://localhost:1234/instances]): I/O error on POST request for "https://localhost:1234/instances": Certificate for doesn't match any of the subject alternative names: []; nested exception is javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: []. Further attempts are logged on DEBUG level

from spring-boot-admin.

@pSinghDelaplex as you have self signed certificates, they are not trusted by default. So your spring boot admin server needs to trust the certificate of your application and your application needs to trust the certificate of your spring boot admin server.
That is why you needed to import them. If you import them into your jre, then all applications running on that jre will trust these certificates. So now you find a valid path to the certificate.

But your certificates do not match the host you are using them for. You could try to generate certificates that match your hosts. Otherwise, the validation can be disabled in http clients, but this would not be recommended for production systems!

from spring-boot-admin.

As this is completely unrelated to Spring Boot Admin we will close this issue now. If you have more questions regarding that topic we recommend asking on stackoverflow or research in the docs.

from spring-boot-admin.