The last error you listed: unable to find valid certification path to requested target, indicates that your IS system doesn’t trust the server cert of the system you are connecting to.
You can get the cert chain using browser (as you had been testing with chrome tool, you can get it there), install the root and intermediate cert to your local IS trust store.
If you don’t have a trust store, you need to create one.
Tong, Thanks for your help. I read upon keystore/truststore and I did the following.
I downloaded the certificate from the REST client provider.
Generated the keystore
Generated the trust store
Created new keystore alias and trust store alias pointing to these files with respective passwords in IS server
I am still getting the same error.
com.wm.app.b2b.server.ServiceException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How does the pub.client.http know to use these stores when making the REST call?
When I try to change the DEFAULT_IS_KEYSTORE to the keystore, I have created, it is asking for an alias but I do not have anything in the alias drop down box. For DEFAULT_IS_KEYSTORE, I see an alias of “ssos”
when I edit the keystore, I do not see this “sso” as a configurable value.
you should be able to see the alias when checking the keystore with Portecle or "keytool -list".
When creating the keystore/truststore with keytool, please specify -trustcacerts parameter to the command line.
This automatically trsuts the certificates stored in cacerts file without the need to modify it.
In the truststore for the IS import all intermediate certificates which are shown in the certification path for the certificate.
Configure this truststore as an Truststore Alias and assign this Truststore Alias under Security → Certificates.
Another option is to assign the certificate directly to the pub.client:http invoke step.
if you are authenticating with username/password, you don’t need to have the key store configured, you only need to have the Trust Store configured.
on Security > Certificates > Edit page, the last section: Truststore
Do you see your truststore alias there?
if not, that means you haven’t configured the truststore yet.
Go to: Security > Keystore > Create Truststore Alias
to create it.