Explanation

Sometimes, XWiki fails to access HTTPS websites, and logs an SSL handshake exception:

2017-03-14 20:40:17,494 [http://dwswiki10:8080/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globaladmin&section=XWiki.AddExtensions] ERROR aultExtensionRepositoryManager - Failed to search on repository [store.xwiki.com:xwiki:https://store.xwiki.com/xwiki/rest] with query [org.xwiki.extension.repository.search.ExtensionQuery@78b5e254]. Ignore and go to next repository.
org.xwiki.extension.repository.search.SearchException: Failed to search extensions based on pattern []
        at org.xwiki.extension.repository.xwiki.internal.XWikiExtensionRepository.search(XWikiExtensionRepository.java:434)
...
Caused by: java.io.IOException: Failed to request [https://store.xwiki.com/xwiki/rest/repository/search?start=0&number=20&q=]
        at org.xwiki.extension.repository.xwiki.internal.XWikiExtensionRepository.getRESTResource(XWikiExtensionRepository.java:246)
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
...

Cause

This usually happens because the Java Runtime Environment (JRE) used to run XWiki is too old to validate the SSL certificate of the target server. Specifically, versions of Java 8 older than update 101 do not include the necessary root certificates to validate some HTTPS connections.

Solution

Upgrade Java 8 to at least update 101 (no need to jump to Java 9 or higher). You can check your Java version: java -version. Restart your application server (Tomcat, Jetty, etc.) after upgrading Java so that XWiki picks up the new runtime.

Related

• Multiple Instances of XWiki in the Same Container.
• XWiki behind a Proxy Server.
• "File Path too Long" on Windows when Unzipping.