SSLHandshakeException: unable to find valid certification path to requested target

You are trying to connect to a server over SSL and you get the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)
...

This means that your computer does not trust the remote computer. The remote computer serves a certificate that your computer is unable to find a trusted source for. Could be that the remote certificate is selfsigned or uses a CA that you computer does not know

One solution: Add the remote computers certificate into your truststore:
1. Get the remote computer certificate using OpenSSL:

openssl s_client -connect <remote computer adress> <remote computer port>

This will present the remote computers certificate (BEGIN CERTIFICATE to END CERTIFICATE). Copy this to a file (Preserve BEGIN and END rows)
2. Add the remote certificate to your java truststore

sudo keytool -import -alias remote_computer_cert -file <remote computer cert> -keystore /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/lib/security/cacerts

3. Done – connect again – the error should be gone

Tested on OSX v10.15.6, OpenSSL 2.8.3 (LibreSSL) and Java 1.8.0_252 (OpenJDK)

OpenShift: add project route in web console using yaml example


As soon as I started using YAML for OpenShift configuration I didn’t turn back. It is so much simpler to handle. Project routes can be configured in the web console but you can also import YAML.

Here is an example of such a YAML:

apiVersion: v1
kind: Route
metadata:
  name: myapp
  labels:
    app: myapp
    name: myapp
spec:
  host: mysuperdomain.se
  path: /myapp
  port:
    targetPort: 8080-tcp
  to:
    kind: Service
    name: myapp

NOTE! You need to setup a project service first so you have something to reference in the route (spec/to)

Tested on OpenShift Web Console: v3.11.153

OpenShift: add project service thru web console example

OpenShifts web console can do a lot but adding new project services is only done thru importing yaml file (or text)

Here is one example of such a yaml text

apiVersion: v1
kind: Service
metadata:
  name: myapp
  labels:
    app: myapp
    name: myapp
spec:
  ports:
    - name: 8080-tcp
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: myapp
    deploymentconfig: myapp
  sessionAffinity: None
  type: ClusterIP

Tested on OpenShift Web Console v3.11.153