GIM69207S unable to find valid certification path to requested target
search cancel

GIM69207S unable to find valid certification path to requested target

book

Article ID: 274024

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Added certificate and key ring and it keeps getting an error. 

GIM69207S ** RECEIVE PROCESSING HAS FAILED BECAUSE THE CONNECTION WITH THE SERVER FAILED.
             javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed:
             com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested
             target

The certificate and key ring are valid and TRUSTED.

Command : TSS LIS(<acid>) KEYRING(USERRING)
KEYRING =  USERRING         ACCESSORID = TSTUSR                              
KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED:                              
   ACID(CERTAUTH)  DIGICERT(ROOT    )  DEFAULT(NO )  USAGE(CERTAUTH)            
   ACID(<acid>  )  DIGICERT(USERCERT)  DEFAULT(NO )  USAGE(CERTAUTH)  
Command :  TSS LIS(CERTAUTH) DIGICERT(ROOT) CHAIN  
DIGICERT = ROOT             ACCESSORID = CERTAUTH                              
STATUS     = TRUST                                                             
ISSUER DISTINGUISHED NAME:                                                     
              .CN= Root                                                         
SUBJECT DISTINGUISHED NAME:                                                    
              CN= Root
KEYUSAGE:                                                                      
              HANDSHAKE CERTSIGN                                                
CERTIFICATE IS CONNECTED TO THE FOLLOWING KEYRINGS:                            
   ACID(<acid>)  KEYRING(USERRING)                                            
Chain Information:                                            
    Chain contains    1 certificate                           
    Chain is complete                                         
Command : TSS LIS(<acid>) DIGICERT(USERCERT) CHAIN
DIGICERT = USERCERT         ACCESSORID = <acid>                               
STATUS     = TRUST                                                             
ISSUER DISTINGUISHED NAME:                                                     
             .CN=CA                          
SUBJECT DISTINGUISHED NAME:                                                    
             CN=connectUserId:<email address>
CERTIFICATE IS CONNECTED TO THE FOLLOWING KEYRINGS:                            
  ACID(<acid>)  KEYRING(USERRING)                                            
Chain Information:                                                             
    Chain contains    1 certificate                                            
    Chain is incomplete                                                       

 

Environment

Release : 16.0

Resolution

If the certificate is valid and there seems to be no problem with the definition, it may be a firewall problem.

Powered by Wolken Software