Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Certificate chaining errors

SA-12909

Summary



Certificate chaining errors are received. Unable to duplicate the chaining errors in Java at the system level.


Error Messages



com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error


Steps to Reproduce



Configure TLS / SSL security protocol on Connect-SOAP. Submit a request through Connect-SOAP integration to a secure service.


EXPLANATION

Pega does not take certificate or keystore configuration performed in application server into consideration, whether it is Websphere or Weblogic, due to vendor specific implementations by Application servers.
It goes directly against the JVM and uses its keystore configuration. Default truststore for JVM is 'cacerts' and hence it uses that by default for SSL handshake. To specify your own keystores for Pega to use, you can use the following JVM arguments:

-Djavax.net.ssl.keyStore=<Path>/client_keystore.keystore
-Djavax.net.ssl.keyStorePassword=client_keystore_pw_mypassword
-Djavax.net.ssl.trustStore=<Path>/client_truststore.keystore
-Djavax.net.ssl.trustStorePassword=client_truststore_pw_mypassword

Published August 21, 2015 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice