I have a certificate problem: using the code below in my portlet, I get a certificate error.
URL url = new URL(hostName + "intranet/TU/sessionvalidator/" + sessionID );
URLConnection con = url.openConnection();
com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=SBG Certificate Authority, DC=dpardirectory, DC=com is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error
I got the two certificates and successfully imported them into cacerts:
keytool -importcert -keystore /var/opt/webMethods/v8/jvm/aix160_64/jre/lib/security/cacerts -trustcacerts -file /sistemas/BPM/keystore/wexcertificate.der -alias webComex
keytool -importcert -keystore /var/opt/webMethods/v8/jvm/aix160_64/jre/lib/security/cacerts -trustcacerts -file /sistemas/BPM/keystore/wexcertificateCA.der -alias webComex
The message you got, “chaining error”, means that the client could not build a proper certificate chain from what the server sent you to one of the trust roots in your JVM. It is possible the server is not configured properly even though it may work with some clients. A couple of suggestions to resolve it:
Try with a browser. If it works with no warnings, use the certs it found for the proper path.
Try with OpenSSL s_client; this shows the certs the server is sending:
$ openssl s_client -connect host:port -showcerts
My webMethods application tries to connect to the site using https (URLConnection/HttpsURLConnection). The certificates were correctly imported. One of them is self-signed. Two certificates were imported as mentioned above to the truststore located in webMethods/v8/jvm/aix160_64/jre/lib/security/cacerts.
The application reports a chaining error.
Are the certificates imported to the correct truststore?
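One way to answer the truststore question from inside the JVM itself, as an added example that is not part of the original thread: it prints where the default JSSE lookup will read its trust roots from (the javax.net.ssl.trustStore property, then jssecacerts, then cacerts under java.home) and checks whether the issuer named in the error is among the accepted CAs. The class name TrustStoreCheck is hypothetical, and the check assumes it is run with the same JVM binary and system properties as the portlet.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (added example, not the poster's code).
public class TrustStoreCheck {
    // Issuer CN copied from the exception text in the thread.
    static final String DEFAULT_ISSUER = "CN=SBG Certificate Authority";

    // True if a CA accepted by the JVM's default trust managers has a
    // subject DN containing dnPart.
    static boolean isTrusted(String dnPart) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default truststore
        TrustManager[] tms = tmf.getTrustManagers();
        for (int i = 0; i < tms.length; i++) {
            if (!(tms[i] instanceof X509TrustManager)) continue;
            X509Certificate[] cas = ((X509TrustManager) tms[i]).getAcceptedIssuers();
            for (int j = 0; j < cas.length; j++) {
                // getName() returns RFC 2253 form (no space after commas),
                // so match on a single RDN rather than the full DN string.
                String dn = cas[j].getSubjectX500Principal().getName();
                if (dn.contains(dnPart)) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String sec = System.getProperty("java.home") + File.separator + "lib"
                   + File.separator + "security" + File.separator;
        // Default lookup order: the property, then jssecacerts, then cacerts.
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println(sec + "jssecacerts exists: "
            + new File(sec + "jssecacerts").exists());
        System.out.println(sec + "cacerts exists: "
            + new File(sec + "cacerts").exists());
        String issuer = args.length > 0 ? args[0] : DEFAULT_ISSUER;
        System.out.println(issuer + " trusted by this JVM: " + isTrusted(issuer));
    }
}
```

If the property points elsewhere, or a jssecacerts file exists, the cacerts file that received the imports is not the one being consulted.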