Web service unable to find valid certification path to requested target

I have set up Integration Server to create web service via https protocole. And for this I have created a Keystore list and trustore list in Integration Server. And I have set my 443 port in Integration server with my keystore alias. (And to be complete, even it is not important for me in this problem, I have set a web service endpoint address alias and url aliases to simplify the url of called web service). After test it on Visual Studio program, it works.
But I want to test it with a CAF application. But I have a problem : unable to find valid certification path to requested target

So After reading some posts on this forum I put my jks file on MWS\server\default\config\security folder and restart MWS service.
But it doesn’t work.
I have even load my certificate in Administration → System → User management → Certificate.

But I havze always same issue.

So I don’t know how to solve it.


It depends on version.

In most cases, it is only a matter of adding your certificate in to the certificate store MWS already uses (check wrapper.conf or custom_wrapper.conf for its location).

MWS only reads one certificate store.

The user management certificate is only of use to identify incoming user logins.

You need to restart MWS after the change to make sure it re-reads the certificate store.

Best regards,

I have a wrapper.conf.template file : is it this file ?

In this I have the following statement :

Sould I modify it to add my trustore file (and separate the other by coma or semicolon ) ?

set.JAVA_TRUSTSTORE=%SERVER_HOME%/config/security/sagdemoca.jks ,

Maybe I have to add all lines :

I have this

Maybe I have to create another paragraph with my p12 and jks file.
But I have a password in keystore file but in this paragraph there is a prefix {DES} : I guess it is an encrypt algorithm. But in this alogrithm I need mode and key that I doesn’t know

Hi Vital,

If you do not require the demo certificate provided by SAG you can replace it with your own certificate.
Make Sure that the truststore file (sagdemoca.jks by default) contains ALL intermediate CA and self signed certificates which MWS (and external partners connecting to MWS) should be trusting.

You can encrypt your own password by using the following command in your installation root directory:

java -cp common/lib/wm-caf-common.jar:common/lib/ext/log4j.jar com.webmethods.caf.common.CipherUtil <your password>

This will create an AES encrypted version of your password.
Place the outcome of the above command in the config file instead of the DES encrypted default password.
Alternatively you can try the option 11 in the UpdateManager (encrypt password).

The mentioned DES encrypted password ist the same as the default Administrator password of IS and MWS.


Thanks Holger,
If the opportunity came again, I will try what you suggest.
But for now, I choose create web service in http in order to an https web service and that’s work.