PKIX Validation Sengrid-Java
Have you ever use Sendgrid? Well, let me tell you my story using Sendgrid.
In the last few days, my team were develop a notification system. The notification is an Email Service which is using Sendgrid as the Provider. We use the Sendgrid API to communicate with Sendgrid.
Well, in one of our clients we started testing and let them try the Notification system. They are testing it with many scenarios. Lots of it. One of them is by switching dates backwards and forwards, and this is where it’s gone wrong.
Spesifically, their moving the system dates into May 15 and when they are trying to send the email it’s not processed by system. And we got an error saying “PKIX path validation failed: java.security.check.CErtPathValidatorException: validity check failed”.
Well, at first we though because our server is isolated and has limited access to the outside world then maybe it’s the problem. Well, we were wrong. LOL!
Then, we try to send an email from our cloud server. It’s successfull, and you know what? This makes the debugging process a lot more harder. We started to blame the server. LOL! And spend a few days just to find which one is the root-cause.
At the time, we didn’t really sure what we miss. We already move the system dates, backwards and forwards before and it’s not a problem. So why its happening right know?
Last night, i have a little chat with our clients about the problem. And started to focusing the finding on the server configuration or the infrastructure. It might be a difference, between servers that we are using for testing.
So in the morning, i tried to create a simple jar application just to send an email using Sendgrid-Java library. I called the project, tehpucuk. Hahaha
I tried on 4 machine:
- Server 1 using system date : May 15 -> failed to send -> PKIX validation error
- Server 2 using system date : March 28 -> failed to send -> PKIX validation error
- Server 3 (cloud) using system date : January 25 -> succeed
- Server 4 which is my local machine : January 30 -> succeed
On the server 1 and server 2, it is displaying the stacktrace and we managed to find the root-casue immidiately, and try new case:
- Server 1 using system date : May 15 -> failed to send -> PKIX validation error
- Server 2 using system date : January 15 (random pick) -> succeed
- Server 3 (cloud) using system date : May 15 -> failed to send -> PKIX validation error
- Server 4 which is my local machine : January 30 -> succeed
From above cases, we decided that the problem is because the system dates is greater than the expiry date of the SSL Certificate of Sendgrid. The SSL Certificate will be expired soon at 28 February 2019. LOL
If you are using Sendgrid and have the same problem when testing the same case, hope above explanation will help you.
Happy Hacking!