PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
search cancel

PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

book

Article ID: 193137

calendar_today

Updated On: 06-02-2025

Products

Data Loss Prevention Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention Plus Suite Data Loss Prevention Core Package

Issue/Introduction

FlexResponse Rule to allow emails was failing. Localhost logs show the following error...

15 jun 2020 09:27:55,460- Thread: 197 SEVERE [com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectPlugin] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Cause:
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.wsConnect(EmailWsRemediationSession.java:267)
	at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.createConnection(EmailWsRemediationSession.java:196)
	at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.submit(EmailWsRemediationSession.java:142)
	at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectRemediator.invokeWebService(EmailQuarantineConnectRemediator.java:39)
	at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectAction.execute(EmailQuarantineConnectAction.java:49)
	at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:313)
	at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:297)
	at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:171)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

Environment

All

Cause

The error message "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed" indicates that the Certificate Signatures between the two servers do not match.

In this case the customers Certificates had expired, and they had created a new set of Certificates, but were running into this error. It turns out the customer environment was an upgraded environment. They were updating the Certificates in the Old installation of DLP instead of the Current installation of DLP. So the current version of DLP was not getting the Certificate updates as expected.

Resolution

Customer needed to import the SMG Certificate into the keystore in the correct path for the version of DLP that they were currently using instead of the older version of DLP which was no longer in use.