Sending a request to VSM and receiving exception "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Article ID: 94924


Products

CA Application Test, CA Continuous Application Insight (PathFinder), Service Virtualization

Issue/Introduction

After enabling 'Use SSL to Client' in the VSM Listener step, a request sent from DevTest Workstation receives a valid response.

However, a request sent from a different client application fails with the following exception:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Environment

All Supported DevTest Releases.

Cause

Whenever Java attempts to connect to another application over SSL, the connection succeeds only if Java trusts the certificate that application presents.

Java handles trust through a truststore, typically $JAVA_HOME/lib/security/cacerts, that contains the certificates of all known Certificate Authorities (CAs). Java trusts a certificate that is signed/issued by one of the CAs present in this truststore.

In this case, the client application's truststore did not contain the issuer of the keypair in the keystore being used with the VSM.

Resolution

Export the certificate for the keypair used in the VSM and import this certificate to the client application truststore.

The client application needs to be restarted after this modification.
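The export and import steps above, written out with keytool as an added example (not taken from the DevTest documentation). The function name, the file paths and alias you pass to it, and the KS_PASS/TS_PASS environment variables are assumptions.

```shell
#!/bin/sh
# Added example: export the VSM certificate and trust it on the client side.
# Keystore passwords are read from the environment (KS_PASS for the VSM
# keystore, TS_PASS for the client truststore) through keytool's
# -storepass:env, so they never appear on the command line.

# trust_vsm_cert KEYSTORE ALIAS TRUSTSTORE
# Returns 0 on success, 2 if the export fails, 3 if the import fails
# (for example, the alias already exists), 4 if the read-back differs.
trust_vsm_cert() {
    keystore=$1
    entry=$2
    truststore=$3
    work=$(mktemp -d) || return 1

    # 1. Export only the public certificate; the private key stays put.
    if ! keytool -exportcert -alias "$entry" -keystore "$keystore" \
            -storepass:env KS_PASS -file "$work/vsm.der" >/dev/null 2>&1; then
        rm -rf "$work"; return 2
    fi

    # 2. Import it into the client truststore as a trusted certificate.
    #    keytool creates the truststore file if it does not exist yet.
    if ! keytool -importcert -noprompt -alias "$entry" \
            -file "$work/vsm.der" -keystore "$truststore" \
            -storepass:env TS_PASS >/dev/null 2>&1; then
        rm -rf "$work"; return 3
    fi

    # 3. Read the entry back and confirm it is byte-for-byte the same
    #    certificate that was exported from the VSM keystore.
    if keytool -exportcert -alias "$entry" -keystore "$truststore" \
            -storepass:env TS_PASS -file "$work/check.der" >/dev/null 2>&1 &&
            cmp -s "$work/vsm.der" "$work/check.der"; then
        rc=0
    else
        rc=4
    fi
    rm -rf "$work"
    return "$rc"
}

# Run directly as: KS_PASS=... TS_PASS=... sh script.sh KEYSTORE ALIAS TRUSTSTORE
if [ "$#" -eq 3 ]; then
    trust_vsm_cert "$@"
fi
```

If the client uses a dedicated truststore rather than the JRE's cacerts, it has to be started with `-Djavax.net.ssl.trustStore` pointing at that file.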

Additional Information

To manipulate a Java keystore, you can use keytool (https://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html) or Portecle, a user-friendly GUI application for creating, managing and examining keystores (http://portecle.sourceforge.net/).

For more information regarding DevTest and SSL, please refer to KB: SSL, Java and DevTest

For more information regarding the HTTP/S Listener step and options, refer to section "Virtual HTTP/S Listener Step" in the documentation of the DevTest release you are running.