Following Stack Trace is found in the AFM (Arcot Flow Manager) logs when Push Notification flow is initiated. 

2019-09-03 21:05:02,557 [https-jsse-nio-8443-exec-270] ERROR aa.pns.PushNotificationService(90)  -> Failed to notify device.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

...............

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Release : 9.x

Component : AuthMinder(Arcot WebFort)Strong Authentication

RiskMinder ( Arcot RiskFort) Risk Authentication

The Advanced Authentication Push application's trust store called PushProvider.truststore (in <ARCOT_HOME>/conf/afm) does not have the complete certificate chain to complete the  SSL handshake with Google FCM (Firebase Cloud Messaging) 

Please follow the following steps,

1. Backup the existing PushProvider.truststore by renaming the PushProvider.truststore as say PushProvider.truststore_old
2. Copy the CACERTS file in <JAVA_HOME>/jre/lib/security to <ARCOT_HOME>/conf/afm.  
3. Rename  the copied CACERTS file to PushProvider.truststore
4. Ensure that the password to the new PushProvider.truststore is set to the password specified in the PushProvider.properties file in <ARCOT_HOME>/conf/afm.
5. Restart the Push application 

Note if the truststore password in step 4 above does not match the password in PushProvider.properties file then the start of Push application will fail with this stack trace. 

2019-09-05 22:00:22,066 [https-jsse-nio-8443-exec-276] ERROR aa.pns.PushNotificationService(90)  -> Failed to notify device.

java.net.ProtocolException: cannot write to a URLConnection if doOutput=false - call setDoOutput(true)