If you’ve ever attempted to make an SSL callout to an external system from Salesforce, and the endpoint has an invalid, expired, or self-signed certificate, you’ve likely come across this very message:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This could commonly be an issue for a test environment, or a non enterprise setup, for instance.
There is no way to add a self-signed certificate to Salesforce’s keystore. The only option is to go with a widely recognized third party signed certificate. Fortunately, they’re rather inexpensive. You can get a RapidSSL cert from MyDomain for $29/year, or even a one month free trial works in this case. I was able to turn an expired self-signed cert into a valid one in less than one hour following their instructions.
Summary: if you’re getting this issue, get a new cert! It’s cheap and quick to configure.
More info can be found on this discussion board thread.
[Disclaimer: I am a former employee of mydomain.com. I don’t get paid for the referral, I just think it’s a great service.]