Tuesday, November 3, 2020

oracle.stellent.ridc.protocol.ProtocolException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

ERROR : 

Below error was found in WebCenter Capture server logs

oracle.stellent.ridc.protocol.ProtocolException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

SOLUTION : 

Import the Certs in Java Keystore

[user@node1 bin]$ cd $DOMAIN_HOME/bin

[appuser@node1 bin]$ ]$ cp node1-new-PKCS-12.p12 cert1.ccc cert2.ccc $JAVA_HOME/jre/lib/security

-bash: ]$: command not found

[user@node1 bin]$ ls node1-new-PKCS-12.p12 cert1.ccc cert2.ccc

node1-new-PKCS-12.p12  cert1.ccc  cert2.ccc

[user@node1 bin]$ ls -dl $JAVA_HOME/jre/lib/security

drwxr-xr-x 3 user wcc 10 Apr 21 10:43 $JAVA_HOME/jre/lib/security

[user@node1 bin]$ cp node1-new-PKCS-12.p12 cert1.ccc cert2.ccc $JAVA_HOME/jre/lib/security

[user@node1 bin]$ export JAVA_HOME=/<path>/jdk

[user@node1 bin]$ export PATH=$JAVA_HOME/bin:$PATH

[user@node1 bin]$ which java

$JAVA_HOME/bin/java

[user@node1 bin]$ cd $JAVA_HOME/jre/lib/security

[user@node1 security]$

[user@node1 security]$ keytool -importkeystore -deststorepass password -destkeystore cacerts -srckeystore node1-new-PKCS-12.p12 -srcstoretype PKCS12

Importing keystore node1-new-PKCS-12.p12 to cacerts...

Enter source keystore password:

Entry for alias node1 successfully imported.

Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

 

Warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore cacerts -destkeystore cacerts -deststoretype pkcs12".

[user@node1 security]$

You have new mail in /var/spool/mail/user

[user@node1 security]$

[user@node1 security]$

[user@node1 security]$ keytool -import  -trustcacerts -alias ******* -file cert1.ccc -keystore cacerts -storepass password

Certificate was added to keystore

 

Warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore cacerts -destkeystore cacerts -deststoretype pkcs12".

[user@node1 security]$

 Restart Managed server 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)