"GIM69207S unable to find valid certification path to requested target" with Top Secret certificate
search cancel

"GIM69207S unable to find valid certification path to requested target" with Top Secret certificate

book

Article ID: 274024

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

After adding a certificate to Top Secret and to the keyring, the following error occurs: 

GIM69207S ** RECEIVE PROCESSING HAS FAILED BECAUSE THE CONNECTION WITH THE SERVER FAILED.

            ...HandshakeException: ... PKIX path building failed:
             ...IBMCertPathBuilderException: unable to find valid certification path to requested
             target

The certificate and key ring are valid and TRUSTED.

Command : TSS LIS(<acid>) KEYRING(USERRING)
KEYRING =  USERRING         ACCESSORID = TSTUSR                              
KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED:                             
   ACID(CERTAUTH)  DIGICERT(ROOT    )  DEFAULT(NO )  USAGE(CERTAUTH)           
 ACID(<acid>  )  DIGICERT(USERCERT)  DEFAULT(NO )  USAGE(CERTAUTH) 
Command :  TSS LIS(CERTAUTH) DIGICERT(ROOT) CHAIN  
DIGICERT = ROOT             ACCESSORID = CERTAUTH                              
STATUS     = TRUST                                                            
ISSUER DISTINGUISHED NAME:                                                    
              .CN= Root                                                        
SUBJECT DISTINGUISHED NAME:                                                   
              CN= Root
KEYUSAGE:                                                                      
              HANDSHAKE CERTSIGN                                               
CERTIFICATE IS CONNECTED TO THE FOLLOWING KEYRINGS:                           
 ACID(<acid>)  KEYRING(USERRING)                                           
Chain Information:                                           
    Chain contains    1 certificate                          
    Chain is complete                                        
Command : TSS LIS(<acid>) DIGICERT(USERCERT) CHAIN
DIGICERT = USERCERT         ACCESSORID = <acid>                               
STATUS     = TRUST                                                            
ISSUER DISTINGUISHED NAME:                                                    
             .CN=CA                         
SUBJECT DISTINGUISHED NAME:                                                   
           CN=connectUserId:<email address>
CERTIFICATE IS CONNECTED TO THE FOLLOWING KEYRINGS:                           
ACID(<acid>)  KEYRING(USERRING)                                           
Chain Information:                                                            
    Chain contains    1 certificate                                           
    Chain is incomplete                                                       

 

Environment

Release : 16.0

Resolution

If the certificate is valid and there seems to be no problem with the definition, it may be a firewall problem.