Invocation of target service over two-way SSL fails with the exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

Article ID: KB0092998

Updated On:

Products Versions
TIBCO API Exchange -
Not Applicable -

Description:
Invocation of target service over two-way SSL fails with the exception "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", despite having the appropriate certificates in the truststore.

Symptoms:
Invocation of target service over two-way SSL fails with the following error.

Error [HTTP-NIO-Worker-1-1] - [root] Error connecting to server: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Cause:
The documentation for configuring two-way SSL at https://docs.tibco.com/pub/api-exchange-gateway/2.2.1/doc/html/GUID-045F6324-71F7-4FF6-A46A-0E37F9553F8A.html is missing two required properties.

Resolution

The file SslMutual.properties located under <ASG_CONFIG_HOME>\default\security\resource has all the required properties for two-way SSL invocation. Make a copy of this file, edit the property values as required and use it when configuring the Target Operation.

Note: The following three properties in the file SslMutual.properties are not required and may be removed:
com.tibco.trinity.runtime.core.provider.lookup=com.tibco.trinity.runtime.core.provider.identity.subject
com.tibco.governance.sharedresource.name=SubjectIsp
com.tibco.governance.sharedresource.type=SubjectConfiguration
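
One way to script the copy-and-trim step above, as an added example that is not TIBCO's code: it writes a trimmed copy of the properties file, leaves the shipped file untouched, and reports which of the three keys it dropped. The sample file contents, the example.placeholder.* keys and the copy's file name are constructed for illustration, and the parser assumes simple one-line key/value entries without backslash continuations.

```python
import tempfile
from pathlib import Path

# Keys the article lists as not required (copied from the page).
NOT_REQUIRED = {
    "com.tibco.trinity.runtime.core.provider.lookup",
    "com.tibco.governance.sharedresource.name",
    "com.tibco.governance.sharedresource.type",
}

# Constructed sample, NOT the real file: example.placeholder.* keys are made up.
SAMPLE = (
    "# constructed sample\r\n"
    "example.placeholder.one=value1\r\n"
    "com.tibco.trinity.runtime.core.provider.lookup="
    "com.tibco.trinity.runtime.core.provider.identity.subject\r\n"
    "com.tibco.governance.sharedresource.name=SubjectIsp\r\n"
    "com.tibco.governance.sharedresource.type = SubjectConfiguration\r\n"
    "example.placeholder.two=value2\r\n"
)

def property_key(line):
    """Return the key of a .properties line, or None for blank/comment lines."""
    s = line.strip()
    if not s or s[0] in "#!":
        return None
    for i, ch in enumerate(s):
        if ch in "=:" or ch.isspace():  # a key ends at '=', ':' or whitespace
            return s[:i]
    return s

def copy_without_unneeded(src, dst):
    """Write a trimmed copy of src to dst (src is never modified); return dropped keys."""
    # ISO-8859-1 is the .properties encoding; newline="" keeps CRLF/LF as found.
    with open(src, encoding="iso-8859-1", newline="") as f:
        lines = f.readlines()
    kept = [ln for ln in lines if property_key(ln) not in NOT_REQUIRED]
    with open(dst, "w", encoding="iso-8859-1", newline="") as f:
        f.writelines(kept)
    return sorted(k for k in map(property_key, lines) if k in NOT_REQUIRED)

def demo():
    """Run against the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d, "SslMutual.properties")
        dst = Path(d, "MyTarget_SslMutual.properties")  # hypothetical copy name
        src.write_bytes(SAMPLE.encode("iso-8859-1"))
        removed = copy_without_unneeded(src, dst)
        return removed, dst.read_bytes().decode("iso-8859-1"), src.read_bytes()
```

An empty returned list means none of the three keys were present in the source file, which is worth checking before pointing the Target Operation at the copy.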