PKIX path building failed: unable to find valid certification path to requested target

charybr's picture

Problem:
While trying to establish an HTTPS connection to a Web Service, we get the exception:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In this case I was trying to establish an HTTPS connection to the MS Exchange 2007 Web service. What this usually means is that the server is using a test certificate.

Solution:
WSO2 WSAS should recognize this test certificate by means of truststore. One way is to upload keystore in WSO2 WSAS Admin UI. But uploading in Admin UI requires a private key.

Below is the alternative way:
1 Generated truststore using http://blogs.sun.com/andreas/entry/no_more_unable_to_find
2 Place the generated truststore file (jssecacerts) in "wso2wsas-2.1\conf".
3 In the program, set the System property
 System.setProperty("javax.net.ssl.trustStore", "conf/jssecacerts");
 System.setProperty("javax.net.ssl.trustStorePassword", "<password>");


Best Regards,
Chary

nandanam's picture

Are you trying to use WSO2 WSAS as a client?

Chary,

Can you please explain the scenario in more detail?

1.) Are you using WSAS as a client to the web service MS Exchange 2007?

If you want to upload a public key certificate to an existing key store in WSAS, this can be done using the "Import certificate" functionality of the Admin UI. This doesn't require a private key. You can import a certificate using Manage -> Key Stores -> Import Certificate (Gold shield icon).

Thanks,
Nandana
jim.telford@infousa.com's picture

What is the password

---------------------------------------------------------
Problem:
While trying to establish an HTTPS connection to a Web Service, we get the exception:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In this case I was trying to establish an HTTPS connection to the MS Exchange 2007 Web service. What this usually means is that the server is using a test certificate.

Solution:
WSO2 WSAS should recognize this test certificate by means of truststore. One way is to upload keystore in WSO2 WSAS Admin UI. But uploading in Admin UI requires a private key.

Below is the alternative way:
1 Generated truststore using http://blogs.sun.com/andreas/entry/no_more_unable_to_find
2 Place the generated truststore file (jssecacerts) in "wso2wsas-2.1\conf".
3 In the program, set the System property
 System.setProperty("javax.net.ssl.trustStore", "conf/jssecacerts");
 System.setProperty("javax.net.ssl.trustStorePassword", "<password>");

Best Regards,
Chary
---------------------------------------------

Thanks for the info, but what is the password that I should use? I have tried the default for WSAS as well as a number of others, but none seem to work when I run the InstallCert java app.

Thanks again for the info!
nandanam's picture

Password of the keystore

Hi Chary,

This is the password of the keystore. Looking at the tutorial you used, this has to be "changeit" if you used the command "java InstallCert <host>[:port]" and if you used it giving a password like "java InstallCert <host>[:port] [passphrase]" then the password is the [passphrase] you used.

thanks,
/nandana
jim.telford@infousa.com's picture

password of the keystore

That's it!! Thanks Nandana!!
alex.denipaul.gmail.com's picture

We are having an application

We have an application that connects to the LDAP through JNDI ssl/non-ssl. When it tries to connect through SSL, it throws the following exception in Windows (uses Sun JRE):

Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

For this exception, I have tried quite a few things from the internet. Most of them say that I have to install the rootCA certificate. Nothing helped. The value of the trust store is assigned at run-time (in the JNDI code) using the API

 System.setProperty("javax.net.ssl.trustStore", "c:\\certificates\\mystore");

In AIX (using IBM JRE), the same code throws the following exception:

Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:java.security.cert.CertPathValidatorException: The certificate issued by is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error

Our application has an application server, a webserver and a database. To isolate the problem, I wrote a standalone JNDI program. It connects to the same LDAP with the same set of certs from the same machine (both Windows and AIX) through SSL. Finally I found out 2 ways to make the application work.

1. When I import the certificates into jssecacerts inside the jre\lib\security, I am able to connect through SSL. The trust store path is not necessary here.
2. When I give the path of the trust store along with the Java VM options in my appserver configuration file and reboot, it works.

I think it is similar to giving the keystore path in the command line, i.e.,

 c:\> java -Djavax.net.ssl.trustStore=c:\\certificates\\mystore

From this I would say the certificates are not the problem. My app is not able to get the trust store path when I set the path at runtime or the value of the path gets overwritten at some point. Unfortunately I can resort to any of the above 2 solutions. Has anyone come across this kind of problem? Any help would be appreciated.
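
Added example, not code from the thread or from WSO2: JSSE reads javax.net.ssl.trustStore once, when the default SSLContext is first initialized, so a System.setProperty call made after earlier TLS use in the same JVM has no effect. The class below builds an SSLContext from an explicit truststore file instead and prints each trusted certificate's SHA-256 fingerprint, so an InstallCert-generated jssecacerts can be checked against a value obtained from the server's administrator. The class name, method names and command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example; class and method names are hypothetical.
public class ExplicitTrustStore {
    // Load a truststore from an explicit path, independent of javax.net.ssl.* properties.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Socket factory whose trust decisions come only from the given store.
    static SSLSocketFactory socketFactory(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // SHA-256 fingerprint, to compare with a value obtained from the server's administrator.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args = <truststore path> <password>; with no args, the JRE's own cacerts is used.
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = load(path, pw);
        for (String alias : Collections.list(ks.aliases()))
            if (ks.isCertificateEntry(alias)) System.out.println(alias + " " + fingerprint(ks.getCertificate(alias)));
        SSLSocketFactory f = socketFactory(ks);   // pass to HttpsURLConnection.setSSLSocketFactory(f)
        System.out.println("factory ready: " + f.getClass().getName());
    }
}
```

Because the factory is handed to the connection directly, the order in which other code in the JVM touches TLS no longer matters, and only the certificates listed in the printed output are trusted for that connection.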