java security cert certpathvalidatorexception certificate chaining error

Question

Problem :

I am trying to consume a RESTful service from url https://someurl.com. But I am getting the following error: 

java security cert certpathvalidatorexception certificate chaining error

Answer 1

Please login to web admin console & follow bellow steps to resolve your issue.

• Please go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
• Please click Retrieve from port button, and specify hostname, 443 port, and Alias.
• Please click Retrieve singer information button.
• Please verify if correct certificate is imported.
• Please save, and restart.

Further Readings:

https://support.oracle.com/knowledge/Oracle%20E-Business%20Suite/1903860_1.html

Answer 2

I'm pretending you have a web application, which is attempting to access that restful service.

First, you must not place your stores via javax.net.ssl.* properties, however use SSL configurations given in WebSphere. Hence comment all these setProperty() calls. Second, you have to include your service server certificate to the trust store

Login to web admin console:

• Go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates

• Click on Retrieve from port button, and seclude hostname, 443 port, and Alias.

• Click On Retrieve singer information button.

• Accomplish, in case right certificate is imported (parent).

• Save, and restart.

In few versions, the child certificate was imported (not the root), in that instance, you will have to manually download the root certificate and instanr (for example through browser, and import that one to the NodeDefaultTrustStore, however this time employing Add button, not Retrieve..

I lately had this similar problem with our db provider, they sent me their .crt file and I had to make a keystore with it.

keytool -import -alias "name" -file "/path/to/file" -keystore "/path/to/keystore/file" -storetype pkcs12 -storepass "keystorepass"

then at my main class I identified truststore and truststore pass:

 System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore/file");
 System.setProperty("javax.net.ssl.trustStorePassword", "keystorepass");  

One method to confirm that all of the necessary certificates are in your keystore is employing the “keytool” from the bin directory of the interface in use.

1. Begin an Administrator Command Prompt.

2. Navigate to the bin directory of the API method you are employing.

3. Type keytool –list and review the certificates stocked. You must view at least one Verisign certificate authored by Avalara with an expiration date greater than the current date.

4. In case not, you may require to recreate the keystore with 'keytool' employing the "genkey" option and re-import your application certificates in case any of the components of the certificate chain are missing or out of date.