unable to find valid certification path to requested target

rmunene

Hi,

I'm testing a few composites where the external partner uses ssl. The certificates work on the test environment but on prod they generate failing/on recovery instances. See below error.

NB: The setup on prod and test in the same

oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "https://integrations.kra.go.ke:443/ws" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Unable to invoke endpoint URI "https://integrations.kra.go.ke:443/ws" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Also strange that after adding a certificate using below command

keytool -import -trustcacerts -alias krakey -file /export/home/applprod/IntegrationsRootCert.cer -keystore /usr/jdk/instances/jdk1.8.0/jre/lib/security/cacerts

I was still able to add the same certificate using the enterprise manager console and there was no conflict.

Weblogic Domain>Security>Keystore>trust>Manage>import certificate.

Jks location is  /usr/jdk/instances/jdk1.8.0/jre/lib/security/cacerts

How can I resolve this issue?

Your assistance is highly appreciated.

vladodias

Hi,

Check the "Keystores" tab configuration for the SOA managed server... Navigate to <domain> --> Environment --> Servers --> click on the soa managed server --> Keystores tab

The configuration of prod and test might be different on there...

Cheers,

Vlad

rmunene

Hi Vladivoas,

External partner made changes to ssl which cleared the error. Made no config changes to the soa environment.

Thank you