Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

PKIXCertPathBuilderImpl could not build a valid CertPath

SA-26232

Summary



Certificate errors occur sporadically in Connect-SOAP test connectivity. Server restart clears the issue, but it returns after two test connections. Configuration is stated to be identical in a lower environment, where issue is not reproduced.

Error Messages



Fail
Service URL 'https://server.com/servicename value is invalid: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Citi Internal Root CA Untrusted, DC=Citi, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error

Steps to Reproduce



Open Connect-Soap rule, and test the connectivity.

Root Cause



A defect in Pegasystems’ code or rules. Pega does not pick the certificate and key pair always when they are defined in application server level keystore and trust store for connectors.

Resolution



Perform the following local-change:
Enable the WS-security, and add the truststore and keystore at connector level.

Published August 9, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice