RA Web Service Job aborting with SSL error "unable to find valid certification path to requested target"
search cancel

RA Web Service Job aborting with SSL error "unable to find valid certification path to requested target"

book

Article ID: 391444

calendar_today

Updated On:

Products

CA Automic Applications Manager (AM) CA Automic Workload Automation - Automation Engine

Issue/Introduction

When running an RA Web Service SOAP or REST Job, it may fail with the below SSL error:

An error occured - while sending the request
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
<EOF>

Job Aborted: : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

Applications Manager 9.x

Automation Engine v12, v21, v24

Cause

This occurs when the Java environment does not have a proper CA certificate path to the HTTPS server to verify that it is a valid website. 

Resolution

General solution

You may need to retrieve the Root and/or intermediary certificates from the HTTPS site, and import them into the Java cacerts file. This should be performed on the Java install and server where the RA Webservice Agent (REST/SOAP) is installed.

Once certificates are available, copy them to the same server as the RA Web Service Agent server and run the following command to import each certificate (once for Root certificate and once for each intermediary certificate):

keytool -import -trustcacerts -keystore <path/to/cacerts> -storepass changeit  -alias <aliasName> -file path/to/certificate.cer

If needed, refer to your OS admin.

Automic

On the Automic REST and SOAP Agent it is possible to add the certificate directly to a keystore keystore owned by the Agent:

  • Retrieve the Root and/or intermediary certificates from the HTTPS site
  • In client 0, open the Agent in the Agent list
  • Go to the Webservice tab > SSL Certificates
  • If no store exists, enter /path/to/store.jks and enter a password, save and restart the Agent so the store is created.
  • Add the downloaded certificate downloaded from the HTTPS site to the store and restart the Agent (again).

 

 

Powered by Wolken Software