Anybody know what this is and how to fix?
Service provider returned the following error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Scenario. I'm running two Business spaces on my testing server. I have a spare domain name which I am pointing at the server. BS1 consumes a REST service, BS2 exposes a REST service. If I paste the url to BS2 into a browser address bar, I get the data returned that I am expecting, but when I try to call the service from BS1, I get the above message.
The server certificate is valid
*SOLVED* PKIX path building failed.
*SOLVED* PKIX path building failed.
Last edited by rocketman on Mon Mar 25, 2024 11:54 pm, edited 7 times in total.
Rocketman
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
Re: PKIX path building failed.
Could you please confirm that the certificate chain is valid?
This tool should do the trick: (this assumes that your application is accessible from the internet)
https://decoder.link/sslchecker
Oftentimes when I have seen SSL certificate errors where only certain clients had problems accessing it, it had to do with a faulty chain.
This tool should do the trick: (this assumes that your application is accessible from the internet)
https://decoder.link/sslchecker
Oftentimes when I have seen SSL certificate errors where only certain clients had problems accessing it, it had to do with a faulty chain.
Re: PKIX path building failed.
Hi, It says the chain doesn't contain any intermediate certificatesjoben wrote: ↑Mon Mar 25, 2024 1:06 pm Could you please confirm that the certificate chain is valid?
This tool should do the trick: (this assumes that your application is accessible from the internet)
https://decoder.link/sslchecker
Oftentimes when I have seen SSL certificate errors where only certain clients had problems accessing it, it had to do with a faulty chain.
Rocketman
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
Re: PKIX path building failed.
Bingo.
The intermediate certificate is often included as a separate file when you get it from your provider. Otherwise you can just download it from their website.
If you are lucky you can just open your certificate files in notepad and see text like this:
-----BEGIN CERTIFICATE-----
yadayadayada
-----END CERTIFICATE-----
Then you can just paste the contents of the intermediate certificate file underneath it.
But if it is pfx format or similar you will need to do extra steps because that thing can't just be edited.
You will also have to restart your Tomcat server for the changes to take place.
Hope this will lead you in the right direction.
The intermediate certificate is often included as a separate file when you get it from your provider. Otherwise you can just download it from their website.
If you are lucky you can just open your certificate files in notepad and see text like this:
-----BEGIN CERTIFICATE-----
yadayadayada
-----END CERTIFICATE-----
Then you can just paste the contents of the intermediate certificate file underneath it.
But if it is pfx format or similar you will need to do extra steps because that thing can't just be edited.
You will also have to restart your Tomcat server for the changes to take place.
Hope this will lead you in the right direction.
Re: PKIX path building failed.
joben wrote: ↑Mon Mar 25, 2024 1:32 pm Bingo.
The intermediate certificate is often included as a separate file when you get it from your provider. Otherwise you can just download it from their website.
Just reactivating my cert now. It's a cheapo from https://www.ssls.com/ If memory serves, I have to create a TXT record in my service provider's DNS section to point to the intermediate. Will keep you posted, thanks for the tips
Rocketman
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
Re: PKIX path building failed.
All fixed and busy writing up notes for 10 month's time when I need to renew the cert ('cos I'll have forgotten by then.) It would seem that initially I installed a "Trusted Certificate" I got with the original download - which was really basic but satisfied the requirements for simple SSL. There must have been a private key sent separately via email (which I cannot now find) that would have allowed me to install the private key and the CA-Bundle as a key pair. Fortunately I was able to extract the private key from the current keystore and use it to generate a new keystore with the CA-Bundle. I'm learning slowly and will get there eventually
So now in the logs I'm seeing the exposing BS (BS2) correctly do the search, get the results I expect, create the abridged records for sending to BS1 - but nothing comes across - ("Service provider returned the following error: null") but now at least I can do some debugging.
Just one question if I may. When exposing a REST service (BS2)- where do I find the API key that I need to enter into the consuming server? (BS1). Can't find that in any of Vlad's videos
Rocketman
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
Re: *SOLVED* PKIX path building failed.
All issues resolved - many thanks to Joben for his speedy (and accurate) response
Rocketman
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
V8.7 Developer Edition. Server 2016 Standard edition. MySql 5.5
Re: *SOLVED* PKIX path building failed.
Glad to hear!
I suggest opening a new thread regarding the API question so that others can find it easier.
I suggest opening a new thread regarding the API question so that others can find it easier.