VSE Recorder doesn't work when our own truststore is being used.


Article ID: 7001


Updated On:


CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)


DevTest was configured to use a different truststore that is not the default cacerts under $DevTest_HOME/jre/lib/security folder.

When the VSE Recorder is configured to use SSL to server, no transactions are being captured and the following error is showing in the workstation.log file:

" ERROR System.err - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" 


When Java tries to connect to a different application using SSL, it will only be able to connect to that application if it can trust it. The way trust is handled in Java is that you have a keystore (typically $JAVA_HOME/lib/security/cacerts), also known as the truststore. This contains a list of all known Certificate Authority (CA) certificates, and Java will only trust certificates that are signed by one of those CAs or public certificates that exist within that keystore. 

When using your own truststore, the CA that signed your server certificate or the service public certificate is not available in the custom truststore.


All supported DevTest versions.


Get the server public certificate and import it into the truststore that is being used.

The command below can be used to import it:

keytool -import -alias <serverCertAlias> -file <ServerCert.cer> -keystore <yourOwnTrustStore> -storepass <yourOwnTrustStorePassword>

Restart DevTest components.

Additional Information

With the default DevTest installation, cacerts file is available under $DevTest_HOME/jre/lib/security/ folder.

For more information regarding 'How Java Implements SSL Certificates and Trust'