pub.client.http throws SSLHandshakeException: unable to find valid certification path

Renan_Lopes1 · December 17, 2019, 3:08pm

Hi.

I am trying to send some data to a HTTPS url using the pub.client.http function in my SoftwareAG Designer.

But I am receiving the following error:

“java.io.IOException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe”

The function works OK with HTTP endpoints, but it doesn’t with HTTPS.

Please, what should I do to fix this issue?

Thank you.

Chandra_K · December 17, 2019, 11:28pm

Hi,

Did you install target endpoint certificates into your trust store?

Holger_von_Thomsen · January 6, 2020, 4:08pm

Hi,

addendum to Chandras reply:

you will at least require the root and intermediate CA certificates being present in your central truststore file which are not part of the base cacerts file being present in the JVM.
The real endpoint certificate is not needed locally on your system, but you need to trust the intermediate CA certificates via locallly configured truststore in IS or via cacerts file from JVM.

You can request the output of the certificates by using the following command:

openssl s_client -showcerts -connect host:port

After that check the cacerts file of your JVM to see if there are any of them missing.

If you can connect to your partner from Windows you can retrieve the certificates via Browser by invoking the URL from there.
This should reveal the certificate chain and if the Browser consider it valid or not.

Regards,
Holger