Hello!
I've been working on an integration with the Microsoft Graph API in a Java application running on a WildFly server, and most of the time, when trying to retrieve the access token, I receive the following certificate error:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target,
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The steps I follow for authorization are:
1. The authorization URL (login.microsoftonline.com/common/oauth2/v2.0/authorize) - This one works, and I receive the authorization code.
2. The token URL (login.microsoftonline.com/common/oauth2/v2.0/token) - This one throws the error related to certificates.
3. In some cases, for which I did not find a pattern, the authorization and retrieving the access token work, but I receive the certificate error when retrieving a new access token with the refresh token.
In some cases, the authorization flow works without any errors, and of course, I can also use other services provided by the API.
I've tried two ways of adding the certificates to the Java truststore:
1. Made a call to the external URLs login.microsoftonline.com and graph.microsoft.com and requested the public key, for example:
openssl s_client -connect login.microsoftonline.com:443 -showcerts -servername "login.microsoftonline.com" | openssl x509 -outform PEM
Then I grabbed the key that was served and saved it into a .pem file locally. Then I imported the PEM into the Java truststore using keytool:
keytool -importcert -file loginmicrosoftonline.pem -keystore truststore.jks -alias "loginmicrosoftonline"
2. Took the certificates from Chrome: click on the site icon to the left of the address in the address bar, select "Certificate" -> "Details" -> "Copy to file..." and save in the format "DER-encoded binary, single certificate". This was for the following URLs: graph.microsoft.com/v1.0/ and login.microsoftonline.com. I imported them using keytool.
My question is: what am I missing here? Is there another way I should handle the certificates?
Looking forward to hearing your answers! Thank you!
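A worked example of the certificate-capture step described in the post, added here and not part of the original post. `openssl x509` reads a single certificate from its input, so piping the output of `openssl s_client -showcerts` through it keeps only the first block, which is the server's leaf certificate; the issuer certificates that `-showcerts` also printed are discarded. The script below builds a throwaway CA and a server certificate signed by it (constructed locally so it runs offline; the CA name, hostname and file paths are assumptions for the demo), reproduces that pipeline to show it yields one certificate, splits every certificate out of the captured chain, verifies the leaf against its issuer, and imports the issuer rather than the leaf into a JKS truststore when `keytool` is available.

```shell
#!/bin/sh
# Added example (not from the original post). Demonstrates chain capture and
# truststore import with a locally generated CA and leaf certificate.
set -eu

WORK="$(mktemp -d)"   # scratch directory; every file in it is constructed here

# Build a self-signed root CA and a server certificate issued by it.
make_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=login.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/leaf.pem" >/dev/null 2>&1
  # Simulate what `openssl s_client -showcerts` prints: leaf first, issuer after.
  cat "$WORK/leaf.pem" "$WORK/ca.pem" > "$WORK/showcerts.txt"
}

# Number of PEM certificate blocks in a file.
count_certs() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

# The pipeline from the post: `openssl x509` keeps only the first certificate.
leaf_only() {
  openssl x509 -outform PEM < "$WORK/showcerts.txt" > "$WORK/first.pem"
  count_certs "$WORK/first.pem"
}

# Split every certificate of the captured chain into chain-1.pem, chain-2.pem, ...
# (chain-1 is the leaf; the highest number is the last issuer the server sent,
# which may be an intermediate rather than the root).
split_chain() {
  awk -v dir="$WORK" '
    /BEGIN CERTIFICATE/ { n++; f = sprintf("%s/chain-%d.pem", dir, n) }
    { print > f }
  ' "$WORK/showcerts.txt"
  set -- "$WORK"/chain-*.pem
  echo "$#"
}

# Validate the leaf against a given trusted bundle; prints ok or fail.
verify_against() {
  if openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# Import the issuer (last certificate of the chain) as a trust anchor and
# report how many trusted entries the store holds. Skipped if no JDK is present.
import_issuer() {
  if ! command -v keytool >/dev/null 2>&1; then
    echo "keytool not found; skipping import"
    return 0
  fi
  issuer=""
  for f in "$WORK"/chain-*.pem; do issuer="$f"; done
  keytool -importcert -noprompt -file "$issuer" -keystore "$WORK/truststore.jks" \
    -storepass changeit -alias demo-root-ca >/dev/null 2>&1
  keytool -list -keystore "$WORK/truststore.jks" -storepass changeit 2>/dev/null \
    | grep -c trustedCertEntry
}
```

Run the functions in order: `make_chain`, then `leaf_only` prints 1 (only the leaf survived the `openssl x509` filter), `split_chain` prints 2 (both certificates recovered), `verify_against "$WORK/ca.pem"` prints ok, and `import_issuer` adds the issuer to the store. Against a real endpoint, replace the constructed `showcerts.txt` with the raw output of `openssl s_client -connect host:443 -servername host -showcerts </dev/null`, and point the JVM at the resulting store with `-Djavax.net.ssl.trustStore` if it is not the default `cacerts` file.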