Unable to Connect to SSL Services due to PKIX Path Building Failed

Symptom: Connection is refused when attempted to access applications that are encrypted with SSL.

Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Diagnosis: Use SSLPoke to verify the connectivity (you will have to download SSLPoke.class using the following link: https://confluence.atlassian.com/kb/files/779355358/779355357/1/1441897666313/SSLPoke.class)

# /apps/java/latest/bin/java -classpath /apps/java/latest SSLPoke <hostname> <Port>

# /apps/java/latest/bin/java -classpath /apps/java/latest -Djavax.net.ssl.trustStore=/apps/java/latest/lib/security/cacerts SSLPoke <hostname> <Port>

# curl -X POST -d @Test.xml https://<endpoint url> -H "Content-Type:application/xml"

**add some xml code in Test.xml

If the above command is showing "Successfully connected" or downloaded the Test.xml, the SSL connection is fine.

If the above command fails (confirming the problem that the truststore doesn't contain the appropriate certificates), then the certificate will need to be imported into that truststore.

You can check the certificate availability, using the following commands:

# /apps/java/latest/bin/keytool -list -v -keystore /apps/java/latest/lib/security/cacerts

# /apps/java/latest/bin/keytool -list -v -keystore /apps/java/latest/lib/security/cacerts -alias <host_alias>

Comments

  1. Hii, I just discovered your website gent00.com
    it is kind of abandoned, why don't you use it?

    ReplyDelete
  2. Nice informative blog. You have really useful stuff. Thanks for sharing.
    How To Change Direct Admin’s Default Port Number?

    Regards
    Abid Bhatti

    ReplyDelete

Post a Comment

Popular posts from this blog

12 tweakings for WHM/cPanel to speed up WordPress

Error: could not open mime types config file

Disabling open relay on cPanel server