Downloading the CA certificate for Internet Service Delivery, adding it to the RACF database and to a keyring.
Trying an Internet Service Retrieval (SMP/E RECEIVE ORDER) and getting the following message in the SMPOUT DD:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building filed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl coulnot build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=DigitCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
COMMON SERVICES 15.0 - z/OS supported releases -
DigiCert SHA2 Secure Server CA and DigiCert Global Root CA should be added to the keyring along with the required User certificate.
Downloading those certificates, and adding them to the keyring should resolve this problem.
Related Documentation: Obtain the Certificates for SMP/E Internet Service Retrieval
The Geotrust and Godaddy certificate are no longer needed.