• Register
search
Log In
0 votes
162 views

Problem :

I am trying to consume a RESTful service from url https://someurl.com. But I am getting the following error: 
java security cert certpathvalidatorexception certificate chaining error
6.9k points

2 Answers

0 votes

Solution :

Please login to web admin console & follow bellow steps to resolve your issue.

  • Please go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
  • Please click Retrieve from port button, and specify hostname, 443 port, and Alias.
  • Please click Retrieve singer information button.
  • Please verify if correct certificate is imported.
  • Please save, and restart.

Further Readings:

https://support.oracle.com/knowledge/Oracle%20E-Business%20Suite/1903860_1.html

36.1k points
edited by
0 votes

Solution:

I'm pretending you have a web application, which is attempting to access that restful service.

First, you must not place your stores via javax.net.ssl.* properties, however use SSL configurations given in WebSphere. Hence comment all these setProperty() calls. Second, you have to include your service server certificate to the trust store

Login to web admin console:

  • Go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates

  • Click on Retrieve from port button, and seclude hostname, 443 port, and Alias.

  • Click On Retrieve singer information button.

  • Accomplish, in case right certificate is imported (parent).

  • Save, and restart.

In few versions, the child certificate was imported (not the root), in that instance, you will have to manually download the root certificate and instanr (for example through browser, and import that one to the NodeDefaultTrustStore, however this time employing Add button, not Retrieve..

I lately had this similar problem with our db provider, they sent me their .crt file and I had to make a keystore with it.

keytool -import -alias "name" -file "/path/to/file" -keystore "/path/to/keystore/file" -storetype pkcs12 -storepass "keystorepass"

then at my main class I identified truststore and truststore pass:

 System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore/file");
 System.setProperty("javax.net.ssl.trustStorePassword", "keystorepass");  

One method to confirm that all of the necessary certificates are in your keystore is employing the “keytool” from the bin directory of the interface in use.

  1. Begin an Administrator Command Prompt.

  2. Navigate to the bin directory of the API method you are employing.

  3. Type keytool –list and review the certificates stocked. You must view at least one Verisign certificate authored by Avalara with an expiration date greater than the current date.

  4. In case not, you may require to recreate the keystore with 'keytool' employing the "genkey" option and re-import your application certificates in case any of the components of the certificate chain are missing or out of date.

12.8k points
edited by

Related questions

0 votes
1 answer 38 views
38 views
Problem : I have the Java web service client, which consumes the web service via HTTPS. When I try to connect to the service URL (https://AAA.BBB.CCC.DDD:9443/ISomeService ), I get the exception as below: “ Java.security.cert.CertificateException: No subject alternative names present.”
asked Jan 21 jwilliam 3.9k points
0 votes
1 answer 88 views
88 views
Problem : I have a Java web service client, which consumes a web service via HTTPS. When I connect to the service URL, I get the exception java.security.cert.CertificateException: No subject alternative names present.
asked Oct 22, 2019 peterlaw 6.9k points
0 votes
1 answer 74 views
74 views
Problem : When I installed the final certificate I got the following error: keytool error: java.lang.Exception: Failed to establish chain from reply
asked Oct 23, 2019 peterlaw 6.9k points
0 votes
1 answer 104 views
104 views
Problem : I can push by clone project using ssh but it is not working for me getting following error server certificate verification failed. cafile: /etc/ssl/certs/ca-certificates.crt crlfile: none
asked Nov 12, 2019 peterlaw 6.9k points
0 votes
1 answer 59 views
59 views
Problem : Since I upgraded the existing project with the iOS 9, I keep getting the below error : “An SSL error has occurred and a secure connection to the server cannot be made.”
asked Jan 4 alecxe 7.5k points