Re: [Hbci4java-help] java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

[Rolf V. <ro...@we...>]

> Any idea what could have happened?
> IŽm sure the old certificate wasnŽt in the list of trust-ancors too
> and that it was implemented to simply accept all certificates.
> The code of the application has not changed in half a year.

If your application hasn't changed, maybe the server was upgraded or something alike. Maybe it got an "Extended Validation" certificate instead of a plain one.

It seems as if the application is doing a real check whether the server's certificate is valid. So you could provide this list with the following information:

-> How you tried to implement the "simply accept all certificates" part of the application. Maybe this class (classes) is not really loaded and used, or it contains some sort of mistake.

-> Which host you tried to connect to. If the host has an official certificate (that would be accepted by all major browsers), it should not normally be necessary to accept all certificates. In this case, you probably only want to add the root certificate of the certificate authority, as well as the immediate certificates that are used in the chain. Accepting all certificates (including invalid ones) should only be the last thing you do if everything else fails or if the server is completely under your control and you don't want to spend any money on a real certificate (for example, a dev server on a local network).

> Marcus
>
>
>
> 02343 [AWT-EventQueue-0] WARN
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> the job with the code HKSYN seems not to be allowed with PIN/TAN
> 202594 [AWT-EventQueue-0] INFO
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> status: statusTag=23 o[]=null
> 202980 [AWT-EventQueue-0] WARN
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> could not insert the following user-defined data into message:
> Crypted.CryptHead.SecProfile.method=PIN
> 203012 [AWT-EventQueue-0] WARN
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> could not insert the following user-defined data into message:
> Crypted.CryptHead.SecProfile.version=1
> 203170 [AWT-EventQueue-0] INFO
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> callback: reason=24 msg="Bitte stellen Sie jetzt die Verbindung zum
> Internet her" datatype=0 retData=""
> 203171 [AWT-EventQueue-0] INFO
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> status: statusTag=24 o[]=null
> 203363 [AWT-EventQueue-0] ERROR
> biz.wolschon.finance.jgnucash.HBCIImporter.PropertiesHBCICallback  -
> org.kapott.hbci.exceptions.HBCI_Exception: Fehler beim Senden der
> HBCI-Nachricht zum Server
>         at org.kapott.hbci.comm.CommPinTan.ping(CommPinTan.java:124)
>         at org.kapott.hbci.comm.Comm.pingpong(Comm.java:66)
>         at
> org.kapott.hbci.manager.HBCIKernelImpl.rawDoIt(HBCIKernelImpl.java:358)
>         at
> org.kapott.hbci.manager.HBCIKernelImpl.rawDoIt(HBCIKernelImpl.java:184)
>         at org.kapott.hbci.manager.HBCIUser.fetchSysId(HBCIUser.java:441)
>         at
> org.kapott.hbci.manager.HBCIUser.updateUserData(HBCIUser.java:646)
>         at org.kapott.hbci.manager.HBCIUser.register(HBCIUser.java:667)
>         at
> org.kapott.hbci.manager.HBCIHandler.registerUser(HBCIHandler.java:207)
>         at
> org.kapott.hbci.manager.HBCIHandler.<init>(HBCIHandler.java:132)
>         at
> biz.wolschon.finance.jgnucash.HBCIImporter.HBCIImporter.synchronizeAllTransactions(HBCIImporter.java:170)
>         at
> biz.wolschon.finance.jgnucash.HBCIImporter.HBCIImporter.runImport(HBCIImporter.java:326)
>         at
> biz.wolschon.finance.jgnucash.actions.ImportPluginMenuAction.actionPerformed(ImportPluginMenuAction.java:103)
>         at
> javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
>         at
> javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
>         at
> javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
>         at
> javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
>         at javax.swing.AbstractButton.doClick(AbstractButton.java:357)
>         at
> javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:1220)
>         at
> javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:1261)
>         at
> java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:272)
>         at java.awt.Component.processMouseEvent(Component.java:6041)
>         at javax.swing.JComponent.processMouseEvent(JComponent.java:3265)
>         at java.awt.Component.processEvent(Component.java:5806)
>         at java.awt.Container.processEvent(Container.java:2058)
>         at java.awt.Component.dispatchEventImpl(Component.java:4413)
>         at java.awt.Container.dispatchEventImpl(Container.java:2116)
>         at java.awt.Component.dispatchEvent(Component.java:4243)
>         at
> java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322)
>         at
> java.awt.LightweightDispatcher.processMouseEvent(Container.java:3986)
>         at
> java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916)
>         at java.awt.Container.dispatchEventImpl(Container.java:2102)
>         at java.awt.Window.dispatchEventImpl(Window.java:2440)
>         at java.awt.Component.dispatchEvent(Component.java:4243)
>         at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
>         at
> java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273)
>         at
> java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183)
>         at
> java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173)
>         at
> java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168)
>         at
> java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160)
>         at java.awt.EventDispatchThread.run(EventDispatchThread.java:121)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path validation
> failed: java.security.cert.CertPathValidatorException: Path does not
> chain with any of the trust anchors
>         at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
>         at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
>         at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
>         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
>         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
>         at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
>         at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
>         at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
>         at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>         at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
>         at org.kapott.hbci.comm.CommPinTan.ping(CommPinTan.java:121)
>         ... 39 more
> Caused by: sun.security.validator.ValidatorException: PKIX path
> validation failed: java.security.cert.CertPathValidatorException: Path
> does not chain with any of the trust anchors
>         at
> sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251)
>         at
> sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234)
>         at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:148)
>         at sun.security.validator.Validator.validate(Validator.java:218)
>         at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
>         at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
>         at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
>         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
>         ... 50 more
> Caused by: java.security.cert.CertPathValidatorException: Path does
> not chain with any of the trust anchors
>         at
> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
>         at
> java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
>         at
> sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246)
>         ... 57 more
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAktJ4n4ACgkQf1hPnk3Z0cRQjACfb+ybJ4FTziatPh7yS5ClXOqU
> 81EAnjEF6UJxCn/ObA+HNdt92Rczyaph
> =CHYg
> -----END PGP SIGNATURE-----