search cancel

VSE Recorder doesn't work when our own truststore is being used


Article ID: 7001


Updated On:


CA Application Test CA Continuous Application Insight (PathFinder)


DevTest was configured to use a different truststore that is not the default cacerts under $DevTest_HOME/jre/lib/security folder.

When the VSE Recorder is configured to use SSL to server, no transactions are being captured and the following error is showing in the workstation.log file:

" ERROR System.err - PKIX path building failed: unable to find valid certification path to requested target" 


All supported DevTest versions.


When Java tries to connect to a different application using SSL, it will only be able to connect to that application if it can trust it. The way trust is handled in Java is that you have a keystore (typically $JAVA_HOME/lib/security/cacerts), also known as the truststore. This contains a list of all known Certificate Authority (CA) certificates, and Java will only trust certificates that are signed by one of those CAs or public certificates that exist within that keystore. 

When using your own truststore, the CA that signed your server certificate or the service public certificate is not available in the custom truststore.


Get the server public certificate and import it into the truststore that is being used.

The command below can be used to import it:

keytool -import -alias <serverCertAlias> -file <ServerCert.cer> -keystore <yourOwnTrustStore> -storepass <yourOwnTrustStorePassword>

Restart DevTest components.

Additional Information

With the default DevTest installation, cacerts file is available under $DevTest_HOME/jre/lib/security/ folder.

For more information on "SSL, Java and DevTest" refer to KB: