Certificate error : SSLHandshakeException ... ValidatorException: PKIX path building failed: ... unable to find valid certification path to requested target

Document created by chris_stevens Employee on Apr 25, 2016Last modified by Adam Arrowsmith on Mar 28, 2017
Version 4Show Document
  • View in full screen mode

Error

SSLHandshakeException ... ValidatorException: PKIX path building failed: ... unable to find valid certification path to requested target

 

Cause

There are couple of reasons for this error message:

 

  1. Make sure that the java security policy files are added for that specific version of java. You can check if you already have the files by going to Atom Management>Startup Properties and seeing if Unlimited Cryptography is set to true. If its false, you have to follow these instructions  to add the files as mentioned in the link: Installing JCE Unlimited Strength Jurisdiction policy files
  2. This may be an issue with the SSL certs / keystore on your local atom, but it can also be caused by invalid proxy settings/configuration between the local atom and the endpoint. You have to make sure that you have added the correct certificate to the java keystore. Follow this link onHow to Add Certificate to Java Keystore.
    Also, please verify that the certificate is added to the keystore successfully by following these steps:
    1. How to verify a certificate has been loaded into the Java keystore.
    2. Go to the atom management Certificates panel and verify that the certificate exists.
  3. Here are some more details about the certificates in Boomi and what are different certificate types supported in Boomi: Certificate components.
    Some commands that might be helpful when you are trying to import the certificates or needs to convert certificates from one format to another format:
    1. Convert PEM to DER
      openssl x509 -outform der -in certificate.pem -out certificate.der
    2. Convert P7B to PFX
      1. First, convert P7B to CER
        openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
      2. Then, convert CER and Private Key to PFX
        openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile  cacert.cer

                    Source: SSL Converter - Convert SSL Certificates to different formats

 

Also, here are some of the best practices for SSL certificate management in Boomi : April 2016 Release: New Best Practices for SSL Certificate Management

3 people found this helpful

Attachments

    Outcomes