ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CA Gen COM Proxy ASP IIS https URL called from Java code gives SSL error "PKIX path building failed"

book

Article ID: 199091

calendar_today

Updated On:

Products

Gen Gen - Run Time Distributed

Issue/Introduction

After implementing the IIS https URL of the CA Gen 8.6 COM Proxy ASP in Java application code received this error when attempting to execute the transaction:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Using previous CA Gen 7.0 and CA Gen 8.0 versions of the COM Proxy, http URLs were used successfully. However, in Gen 8.6 it is required to use SSL and thus the https URL is being used.

Environment

Release : 8.6
Component : CA Gen Run Time, Proxies

Resolution

This error is not related to the COM Proxy itself.
It appears that the IIS website SSL certificate has not been loaded into the Java runtime (JRE) truststore being used by the Java program ("JAVA_HOME\lib\securty\cacerts").
For example: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore
Also, this KB article for another Broadcom product CA Release Automation covers the same symptoms: javax.net.ssl.SSLHandshakeException PKIX path building failed
Problem resolved by installing the required SSL certificate(s) into the JRE truststore.