"PKIX path building failed" DevTest HTTPS Portal errors when choosing any Reporting

Article ID: 241924


Products

Service Virtualization

Issue/Introduction

Reporting cannot be accessed from the Portal when using an HTTPS URL. The following error appears in portal-grails.log:
 
2022-05-16T18:39:33,970Z (11:39) [qtp30471469-110] WARN  org.springframework.cloud.netflix.zuul.filters.post.SendErrorFilter - Error during filtering
com.netflix.zuul.exception.ZuulException: Forwarding error
 at org.springframework.cloud.netflix.zuul.filters.route.SimpleHostRoutingFilter.handleException(SimpleHostRoutingFilter.java:261) ~[spring-cloud-netflix-zuul-2.1.5.RELEASE.jar:2.1.5.RELEASE]
 at org.springframework.cloud.netflix.zuul.filters.route.SimpleHostRoutingFilter.run(SimpleHostRoutingFilter.java:241) ~[spring-cloud-netflix-zuul-2.1.5.RELEASE.jar:2.1.5.RELEASE]
 at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:117) ~[zuul-core-1.3.1.jar:1.3.1]
 at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:193) ~[zuul-core-1.3.1.jar:1.3.1]
 at com.netflix.zuul.FilterProcessor.runFilters(FilterProcessor.java:157) ~[zuul-core-1.3.1.jar:1.3.1]
 at com.netflix.zuul.FilterProcessor.route(FilterProcessor.java:118) ~[zuul-core-1.3.1.jar:1.3.1]
.
.
.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_232]
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) ~[?:1.8.0_232]
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) ~[?:1.8.0_232]
.
.
.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:1.8.0_232]
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_232]

Environment

Release : 10.7.2

Component : DevTest Portal

Cause

Configuration issue.

Resolution

The issue was resolved by importing the customer keystore certificates into DEVTEST_HOME\jre\lib\security\cacerts and restarting the Portal.

Additional Information

Example keytool commands: 

List certificates in keystore:
"C:\Program Files\CA\DevTest\jre\bin\keytool" -v -list -keystore "C:\Program Files\CA\DevTest\webreckeys.ks" -storepass "passphrase"

Export a certificate:
"C:\Program Files\CA\DevTest\jre\bin\keytool" -keystore "C:\Program Files\CA\DevTest\webreckeys.ks" -storepass "passphrase" -exportcert -alias lisa -file "C:\tmp\lisa.crt"

List certificates in cacerts:
"C:\Program Files\CA\DevTest\jre\bin\keytool" -v -list -keystore "C:\Program Files\CA\DevTest\jre\lib\security\cacerts" -storepass "changeit"

Add certificate to cacerts:
"C:\Program Files\CA\DevTest\jre\bin\keytool" -trustcacerts -keystore "C:\Program Files\CA\DevTest\jre\lib\security\cacerts" -storepass changeit -importcert -alias lisa -file "C:\tmp\lisa.crt"
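
The keytool steps above as one PowerShell script. This is an added example, not part of the original article or the product's tooling. It backs up cacerts first, skips the import if the alias already exists, and confirms that the SHA-256 fingerprint stored in cacerts matches the exported certificate. Paths, alias and passwords are the article's sample values; the backup file name and the function name are assumptions.

```powershell
# Added example: values below are the article's sample paths, alias and passwords.
$DevTestHome = 'C:\Program Files\CA\DevTest'
$Keytool     = Join-Path $DevTestHome 'jre\bin\keytool.exe'
$SourceKs    = Join-Path $DevTestHome 'webreckeys.ks'
$SourcePass  = 'passphrase'   # placeholder, as in the article
$CaCerts     = Join-Path $DevTestHome 'jre\lib\security\cacerts'
$CaCertsPass = 'changeit'
$Alias       = 'lisa'
$CertFile    = 'C:\tmp\lisa.crt'

function Get-Sha256Fingerprint {
    # Hypothetical helper: runs keytool and returns the "SHA256:" fingerprint it prints.
    param([string[]]$KeytoolArgs)
    $text = (& $Keytool @KeytoolArgs | Out-String)
    # The arguments contain the store password, so they are kept out of the error text.
    if ($LASTEXITCODE -ne 0) { throw "keytool failed (exit code $LASTEXITCODE)" }
    if ($text -notmatch 'SHA-?256:\s*([0-9A-Fa-f:]+)') { throw 'No SHA-256 fingerprint in keytool output' }
    return $Matches[1].ToUpper()
}

# 1. Keep a restorable copy of the truststore before changing it (file name is an assumption).
$Backup = "$CaCerts.bak-$(Get-Date -Format yyyyMMdd-HHmmss)"
Copy-Item -LiteralPath $CaCerts -Destination $Backup -ErrorAction Stop

# 2. Export the certificate and record its fingerprint.
& $Keytool -exportcert -keystore $SourceKs -storepass $SourcePass -alias $Alias -file $CertFile
if ($LASTEXITCODE -ne 0) { throw 'Export failed' }
$expected = Get-Sha256Fingerprint @('-printcert', '-file', $CertFile)
Write-Host "Exported certificate SHA-256: $expected"

# 3. Import only if the alias is absent (keytool exits non-zero for an unknown alias).
#    keytool may ask for confirmation before it trusts the certificate.
& $Keytool -list -keystore $CaCerts -storepass $CaCertsPass -alias $Alias | Out-Null
if ($LASTEXITCODE -ne 0) {
    & $Keytool -importcert -trustcacerts -keystore $CaCerts -storepass $CaCertsPass -alias $Alias -file $CertFile
    if ($LASTEXITCODE -ne 0) { throw "Import failed; the untouched copy is $Backup" }
}

# 4. Confirm that the entry now in cacerts is the certificate that was exported.
$actual = Get-Sha256Fingerprint @('-list', '-v', '-keystore', $CaCerts, '-storepass', $CaCertsPass, '-alias', $Alias)
if ($actual -ne $expected) { throw "Alias '$Alias' in cacerts holds a different certificate ($actual)" }
Write-Host "cacerts entry '$Alias' matches the exported certificate. Restart the Portal to pick up the change."
```

Run it from an elevated prompt, since cacerts sits under Program Files.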

The phoenix.properties documentation shows that some properties have to be configured for Jasper reports.
This is new in the 10.7 documentation.
See: Configure SSL for Portal