search cancel

API Gateway: Policy manager crashes with error: PKIX path building failed


Article ID: 186504


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


This article will discuss what to do when Policy Manager is crashing and logging the following error:

org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [https://securespangateway/ssg/manager/AuditAdmin]; nested exception is PKIX path building failed: unable to find valid certification path to requested target 


This article applies to all supported API Gateway versions accessed via Policy Manager.


There are two root causes seen that can cause the error noted in this article:

  • The most frequent root cause is data corruption in the hidden .l7tech folder in the Users directory of the machine running Policy Manager
  • A rarer root cause is due to an expired certificate
    • This may include the default SSL certificate for the whole Gateway or whichever certificate was assigned to the Listen Port that Policy Manager is connecting to


To ensure there is no data corruption left on the machine running Policy Manager, follow the steps below:

  1. Close all running instances of Policy Manager
  2. Backup the folder located at c:\users\<user-name>\.l7tech
  3. Delete the .l7tech folder
  4. Relaunch Policy Manager, which will recreate the .l7tech folder using default values

If the issue remains, then the root cause may have been an expired certificate instead. The following steps should be followed if the above steps did not resolve the issue:

  1. Login via Policy Manager
  2. Review the Manage Certificates list and determine if any certificates are expired
    • If expired, replace the affected certificates and skip to step 4 after completion
    • If not expired, continue to the very next step
  3. Review the Private Keys list and ensure none of the certificates associated with them have expired
    • If expired, replace the affected certificates
  4. Reboot the Gateway servers in the cluster, and the issue should now be resolved

Additional Information

If any customizations were made to the .ini file such as to increase memory allocation to Policy Manager, that change should be reapplied after the above is completed