My webMethods&webMethods Integration Server 9.12.0.0 OS:Windows Server 2012
The certificate previously used by our system was a complete certificate chain(server-middle-root). Due to the frequent update frequency of the partner’s certificate, we are required to set the system as Trust only the Root CA. How should I set it?
Is it only the root layer imported? The software didn’t work after I tested it.
Hi Prober,
Yes, if your goal is to trust only the Root CA, you should import only the Root CA certificate into your truststore. However, make sure that the partner’s server sends the full certificate chain during the SSL/TLS handshake, otherwise, validation will fail. webMethods Integration Server 9.12 sometimes requires the full chain to be trusted, depending on configuration, so issues may occur if intermediaries are missing. After updating the truststore, restart or reload your server to apply the changes. If it still doesn’t work, check the error logs and confirm if the handshake is failing due to an incomplete chain or trust issue.
Hi welchair
Thank you for your response. I only imported root ca, but it still failed. Failure message:
Delivery Failed: java.io.IOException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What configuration is still missing?(I also confirm that the server of the partner sent the complete certificate chain during the SSL/TLS handshake)