While using Policy Xpress having a "REST Queries" in the "Action Rules",

REST is working fine with HTTP but fails using HTTPS with following error message (when testing from UI clicking "TEST" button):

The test has failed to run with following error:

"Failed invoking REST operation " which was caused by "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;unable to find valid certification path to requested target".

Problem seems to be related to certificate and endpoint is using a Self Signed Certificate

How to import this certificate into vApp java cert store?

Release : 14.X

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

vApp's default cert store for IM should be accessible to config user and therefore you should be able to import certificates into it just like on any other (non vApp) deployment using keytool:

Import the certificate to the keystore.

 keytool -importcert -keystore /opt/CA/java/jre/lib/security/cacerts -file <path to certificate> 

you can optionally add alias:

-alias <alias for certificate>

Test the rest connection from within the Xpress policy.

If still not working not, try to stop_im / start_im and check it again.

Path:

/opt/CA/java/jre/lib/security/cacerts

is for virtualAppliance cacerts location, provide proper location if you are using standalone IM.

Also check this KB: 280315