Unable to find valid certification path to requested target when modifying endpoint configuration in Provisioning Manager
search cancel

Unable to find valid certification path to requested target when modifying endpoint configuration in Provisioning Manager

book

Article ID: 385207

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

When trying to update an endpoint LDAP url connection, we are seeing this error in Provisioning Manager:

eTDynDirectoryName=Test,eTNamespaceName=Sample, dc=im, dc=etasa:
JCC@ConnectorServerName: JNDI: simple bind failed:
EndpointSampleLDAP.test.net:636 Caused by:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException"
Unable to find valid certification path to requested target
(ldaps://connectorserver.test.net:20411)

Cause

When changing an endpoint configuration to point to new or different servers, the error occurs because the IAM CS java connector server cannot find the certificate for the new server.

Resolution

You can import the (new) certificates to the connector server via the UI:

Log In to CA IAM CS
Use the following URL to log into CA IAM CS:


http://hostname:port


hostname
Specifies the name of the computer which runs CA IAM CS, as a qualified domain name.


port
Specifies the HTTP or HTTPS port set during installation.
Use the credentials that you specified during installation.


Example URLs for CA IAM CS
SSL: https://myserver.mycompany.org:20443
Non-SSL: http://myserver.mycompany.org:20080

The default user is admin, with the password you use for accessing the Provisioning Manager

In the UI, locate the option to import the certs.

A restart of the connector server(s) may be required for the change to take effect.