Error occurred while trying to authenticate to server: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

100 views
Skip to first unread message

Costin Caraivan

unread,
Feb 13, 2012, 9:09:08 AM2/13/12
to contr...@googlegroups.com
Hello,

I'm reconfiguring several ControlTier servers to use HTTPS (servers
running on Windows 2008, clients running on Windows 2008 through
Cygwin). So far so good - the main page, Control Center, Workbench now
load using HTTPS and the new port. Regular jobs (jobs which launch
simple modules, no complex types like Updaters & co) work too.
I've followed the steps found here: http://doc36.controltier.org/wiki/Ssl

However, when I try to launch an updated I get this error:

C:\ctier\ctl\projects\CTIER8_TESTING\modules\Deployment\commands\Get-Properties.xml:48:
Error making server request to https://$proj-tak-ctier8:8443/itnav:
Error occurred while trying to authenticate to server:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

I imported the certificate using the keytool, I added the certificate
using the Java Control Panel applet. Nothing :(

Any ideas? I followed all the steps from the wiki page :(

_____________
Costin Caraivan

Costin Caraivan

unread,
Feb 13, 2012, 10:49:33 AM2/13/12
to contr...@googlegroups.com
Some extra detail, ControlTier server log:

Error occurred while trying to authenticate to server:
sun.security.validator.Validator
Exception: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

2012-02-13 17:47:23.038::WARN: EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:632)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)

--
_____________
Costin Caraivan

Costin Caraivan

unread,
Feb 14, 2012, 11:02:22 AM2/14/12
to contr...@googlegroups.com
Extra question: the how to stops at:
"Prior to importing the pkcs12 file"

I assume that "importing the pkcs12 file" means importing it into the
truststore? Like this?
C:\Java\jdk1.6.0_23\bin\keytool -importkeystore -srckeystore
mypkcs.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

I've been hanging my head against all the ControlTier/Java/HTTPS walls
for the last 2 days, so any help would be greatly appreciated.

Thank you.


On Mon, Feb 13, 2012 at 5:49 PM, Costin Caraivan

--
_____________
Costin Caraivan

Reply all
Reply to author
Forward
0 new messages