When running Java/Spring applications, including Okta Samples, the following error is returned:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This article discusses what commonly causes this error and how to resolve it. 

• Java
• Spring
• Certificate

This error is commonly caused by a missing or expired root certificate, especially with older Java installations.

To resolve this error:

1. Make sure to be disconnected from any proxies/VPN.
2. Download and save the Okta Certificate using the steps outlined in How to Save the Okta Certificate from a Browser.
3.  Navigate to the Java installation directory where the cacerts file resides:
   • /Users/{username}/Library/Java/JavaVirtualMachines/{version}/Contents/Home/lib/security/
   • Windows: C:\Program Files\Java\<JDK_or_JRE_version>\lib\security
4. Run the following command:

   keytool -importcert -keystore cacerts -file ~/{path to downloaded cert}/okta.pem -alias okta -trustcacerts -storepass changeit

5. After the certificate has been imported, restart the application/JVM.