In a PX of the base rest query type in the basic authentication call function receiving the certificate error "unable to find valid certification path to requested target; PKIX path building failed."

or just "unable to find valid certification path to requested target".

Identity Manager 14.5

1) In both servers:

 keytool -list -keystore /opt/CA/java/jre/lib/security/cacerts -storepass changeit -v | grep Issuer

This will generate the list of issuers.

keytool -list -keystore /opt/CA/java/jre/lib/security/cacerts -storepass changeit -v | grep <hostname or IP used>

This will generate certs that match the hostname or IP. Check if certificate is correct.

2) Use a web browser to navigate to the rest url

https://<url here>  (fill the correct URL in the browser)

3) Click on the lock icon in the browser to the left of the URL and view the certificate Details tab.

4) Use the Export button to download the certificate (this is the certificate that the REST endpoint uses).

5) Transfer this certificate to the server where the IM is running.

6) Import the certificate to the keystore of IM and list again to see if can we see the Issuer there.

 keytool -importcert -keystore /opt/CA/java/jre/lib/security/cacerts -file <path to certificate> 

you can optionally add alias:

-alias <alias for certificate>

6.1) Test the rest connection from within the Xpress policy.

7) If still not working not, try to stop_im / start_im and check it again.

Path:

/opt/CA/java/jre/lib/security/cacerts

is for virtualAppliance cacerts location, provide proper location if you are using standalone IM.