Support Article

Unable to find valid certification path to requester path

SA-35961

Summary



User wants to connect to a secure web service. Service provide has provided them a certificate which they have imported into keystore and uploaded it into Pega keystore rule. When they are trying to test the connectivity, they are facing an issue.


Error Messages



Unable to connect to resource due to TLS/SSL issue: java.net.ssl.sslhandshakeexception: sun.security.validator.validatiorexception:pkix building failed:sun.security..prodiver.setpah.builderexception:unable to find valid certification path to requester path


Steps to Reproduce



1. Take the cert from the service provider.
2. Import it to keystore using the keytool commend.
3. Create the keystore rule in Pega and upload the above keystore rule.
4. Take the Pega cert from the server broswer while clicking on the certification.
5. Import them in the service provider box.
6. Restart the app server.
7. Go to connect-rest rule and click on test connectivity.

Root Cause



As there are a chain of certificates and one of the certificate in the chain is missing has resulted in an error.

Resolution



Import all the certificates in the certificate chain, which includes root, intermediate and CA certificates.

Published April 4, 2017 - Updated May 4, 2017

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.