Can't use Amazon S3 API over SSL?

Question

I\'m trying to use Amazon S3 API to encrypt and upload a file.

public class AmazonS3 {

    String KmsId = \"my_id_comes_here\";

    private TransferManager         


        

Answer 1

Thank you, we had similar problem but I tweaked response a little bit for our scenario.

I received this com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

exception when trying to connect to AmazonDynamoDB.

When we moved our application to HTTPS we started receiving this error.

So the solution was the same, the only difference was instead of client.ts I had to add certificate into cacerts which was generated during HTTPS migration.

keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore test.p12 -srcstorepass changeit -deststorepass test;

Thanks,

Answer 2

Your trust store doesn't have the certificate authority that secures the AWS APIs. You need to create a new trust store that combines client.ts with the ones required for AWS. The easiest way to do this is to merge client.ts with the cacerts keystore from the JRE.

Example:

keytool -importkeystore -srckeystore client.ts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit
keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore combined.ts -srcstorepass changeit -deststorepass changeit

Then use combined.ts instead of client.ts.