Portal Service stopped frequently with SSL errors

book

Article ID: 144022

calendar_today

Updated On:

Products

CLOUDTEST CA Application Test CA Cloud Test Mobile MOBILECLOUD Service Virtualization

Issue/Introduction

 When we try to start the PortalService, it comes up for 10mins but goes down with the following error : unable to find valid certification path to requested target

 

Noticed the below error in portal-grails.log. Please help us to fix it. 

 

ERROR com.itko.lisa.PhoenixLogoutController - Error destroying user token

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

     Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

        at sun.security.validator.Validator.validate(Validator.java:260)

        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)

        ... 136 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

        ... 142 more

 

Cause

Permission issue  reading myKeystore.jks file.  

The Pheonix.properties had the path to ssl cert file as :

phoenix.ssl.keystore=/ect/cert/myKeystore.jks

Portal Service is starting as SV1ADMIN user, myKeystore.jks was under a different user in /etc/cert folder, As a result when Portal service tries to start the Service it looks for the file under that location but does not have permission to that file.

Environment

Release : 10.5

Component : CA Service Virtualization

Resolution


Copy myKeystore.jks to a folder inside DEVTEST Home that has the same user as SV1Admin