search cancel

CA Gen COM Proxy ASP IIS https URL called from Java code gives SSL error "PKIX path building failed"


Article ID: 199091


Updated On:


Gen Gen - Run Time Distributed


After implementing the IIS https URL of the CA Gen 8.6 COM Proxy ASP in Java application code received this error when attempting to execute the transaction: PKIX path building failed: unable to find valid certification path to requested target

Using previous CA Gen 7.0 and CA Gen 8.0 versions of the COM Proxy, http URLs were used successfully. However, in Gen 8.6 it is required to use SSL and thus the https URL is being used.


Release : 8.6
Component : CA Gen Run Time, Proxies


This error is not related to the COM Proxy itself.
It appears that the IIS website SSL certificate has not been loaded into the Java runtime (JRE) truststore being used by the Java program ("JAVA_HOME\lib\securty\cacerts").
For example:
Also, this KB article for another Broadcom product CA Release Automation covers the same symptoms: PKIX path building failed
Problem resolved by installing the required SSL certificate(s) into the JRE truststore.