Sidebar

What does the error "PKIX path building failed" or "unable to find valid certification path to requested target" mean?

0 votes
4.0K views
asked Jul 3, 2013 by gary-t-8719 (14,860 points)
While attempting to communicate over a secure connection, the following error is returned:

javax.xml.ws.WebServiceException: java.io.IOException: Got sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while opening stream from https://secure.domain.com/endpoint?wsdl

1 Answer

0 votes
When the server's certificate (HIE) is not trusted the qieLauncher.log will show the following error.
 
SEND TLSv1 ALERT:  fatal, description = certificate_unknown
 
Notes:
 
1. The name of the certificate will appear several lines above this one
 
2. You need to have the following option enabled.
-Djavax.net.debug=ssl,handshake
 
3. Remember to turn off the sslhandshake when done or the log file will get really big.
-Djavax.net.debug.OFF=ssl,handshake
 
In order to fix this, you will need to add the server's certificate to your trust store.  In other words, the certificate is unknown because it is not trusted, but once it is trusted then it will be used. Please refer to the SSL Certificate Guide for instructions on adding the certificate to the trust store.
answered Jul 5, 2013 by ron-s-6919 (4,480 points)
...