Exception unable to validate certificate of the target in spring MVC

If you are still facing issues with certificates even after importing the certificate as indicated by @Gergely Bacso then make sure that the java.exe or javaw.exe binaries you have linked to your IDE or in your command line used to run your Java application are those from JRE not the JDK, I got certificate errors even after installing the certificate in cacerts keystore until I realised the binaries I was using were from the JDK. After I switched path to JRE everything went as expected and I was able to connect successfully. I hope it saves someone's time trying to debug the problem.


The problem you are facing is that your application cannot validate the external server you are trying to connect to as its certificate is not trusted.

What happening in short is:

  • your application tries to connect to the a Jira instance over a secure (HTTPS) channel
  • to establish the secure connection the application downloads the certificate
  • the application checks the validity of the certificate by trying to trace it back to a known CA (kept in the JRE cert-store)
  • certificate check fails because the cert is self-signed (most likely) or expired, etc.

If this Jira instance is on-premise (hosted by your company) then having a self-signed certificate is not at all unlikely. In this case the certificate is not issued by a known CA, so if you wish to trust it, you need to manually register it.

First obtain the certificate:

openssl s_client -connect jira.example.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

Then import it into your own keystore:

$JAVA_HOME/keytool -import -alias <server_name> -keystore $JAVA_HOME/lib/security/cacerts -file public.crt

Note: the commands above are for Unix environment. Under Windows I would suggest using similarly openssl from command line, but there are also GUI tools available for the same purpose.