SSLHandshakeException with SMP/E Internet Service Retrieval utility

book

Article ID: 207092

calendar_today

Updated On:

Products

CA Common Services for z/OS

Issue/Introduction

Downloading the CA certificate for Internet Service Delivery, adding it to the RACF database and to a keyring.

Trying an Internet Service Retrieval (SMP/E RECEIVE ORDER) and getting the following message in the SMPOUT DD: 

javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building filed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl coulnot build a valid CertPath.; internal cause is:  java.security.cert.CertPathValidatorException: The certificate issued by CN=DigitCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted;

internal cause is:                                                            

java.security.cert.CertPathValidatorException: Certificate chaining error    


Environment

COMMON SERVICES 15.0 - z/OS supported releases - 

 

Resolution

DigiCert SHA2 Secure Server CA and DigiCert Global Root CA should be added to the keyring along with the required User certificate.

Downloading those certificates, and adding them to the keyring should resolve this problem.

Related Documentation: Obtain the Certificates for SMP/E Internet Service Retrieval