I have enterprise Java Custom software, and I have a Gravitee server that hosts my APIs. I have at least 1K computers running this software, and sometimes I get this error:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error : javax.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I get this error ‘randomly’:
- 99% of the time I get no error
- When I get this error on one of the computers on which the software is running, the only way to solve the problem -> restart the software (the error will last the lifetime of the JVM).
- When this error appears on computer 1, computer 2 can make API calls to the target URL -> no API server downtime/unavailability.
Additional information:
- the target API does not have a VIP (VirtualIP/LoadBalancer), it's a simple server that always has the same fixed IP.
- The certificate I add to the KeyStore (cacert) is a self-signed certificate string
- the URL of the target API is on a local domain (example: myAPI.myDomain.lan) -> so there's no need for a Root Certificate Authority (Root CA)
- I am sure that my certificate is correct/functional in the KeyStore since, if I remove it, I get same error message
- I can't find a way to reproduce the problem
- No Proxy
- No headdump or memory leak in the logs
- Java version 1.8.0_231_b11
I have the impression that I've come full circle in solving the problem, and I can't manage to solve it
I need a methodology to approach this problem