Does this appear in your Java stack trace while trying to start a test with Sauce Labs?
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Confirm this is your issue:
Add this flag to the Java VM from the command line or your IDE while running or debugging.
-Djavax.net.debug=all
Using "ssl" instead of "all" may be required on older versions of java.
- Are you using a Java framework or library?
- Are you making an HTTPS call or attempting to start a test session on Sauce Labs?
- Are you using SSL/TLS certificates to make some sort of network call?
Solution
You have several options. Choose one of the below.
- If you're on Windows add this flag ( -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT )to your Java VM while running or debugging your program. This will force Java to use your operating system's truststore.
- Upgrade your Java installation to a later version. A new installation is bundled with a more up-to-date truststore. This won't work if your organization is performing Man-in-the-middle style inspection of traffic and inserting their own certificate.
- https://stackoverflow.com/questions/1201048/allowing-java-to-use-an-untrusted-certificate-for-ssl-https-connection Force trust all certificates, ⚠️ insecure.
- Use Java's keytool to import and trust the CA certificate that is causing the failure:
- You must use keytool to import the file. See this doc for an example https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html
- You may have to contact your Networking/IT team to obtain the certificate that is being used. This could be the cert used by a proxy or firewall to re-encrypte traffic within your organization's network.
Why is this happening?
You're seeing this because Java is trying to use its own custom trust store. If a certificate is missing then it must be added to Java trust store. Java requires that you maintain your own truststore (aka SSL keychain, Root CA store, CA cert directory)
From the Java Reference Guide Note: The JDK ships with a limited number of trusted root certificates in the java-home/lib/security/cacerts
file. As documented in keytool reference pages, it is your responsibility to maintain (that is, add and remove) the certificates contained in this file if you use this file as a truststore.
If you are using a Java framework or library you may have a problem when making any HTTPS calls. Like when making a Remote Webdriver request to ondemand.us-west-1.saucelabs.com. There can be interference if a corporate proxy or firewall is inserting its own Certificate, you would need to confirm that then add the additional certificate to Java's trust store.
SSL certificates (aka a truststore) are typically managed by the Operating System. Other languages like JavaScript or Ruby defer to the local trust store when making HTTPS calls. Other languages and tests may be able to use Sauce Labs without a problem.