• Register
0 votes
319 views

Problem :

I am trying to consume a RESTful service from url https://someurl.com. But I am getting the following error: 
java security cert certpathvalidatorexception certificate chaining error
6 5 3
6,930 points

Please log in or register to answer this question.

2 Answers

0 votes

Solution :

Please login to web admin console & follow bellow steps to resolve your issue.

  • Please go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
  • Please click Retrieve from port button, and specify hostname, 443 port, and Alias.
  • Please click Retrieve singer information button.
  • Please verify if correct certificate is imported.
  • Please save, and restart.

Further Readings:

https://support.oracle.com/knowledge/Oracle%20E-Business%20Suite/1903860_1.html

9 7 4
38,600 points
0 votes

Solution:

I'm pretending you have a web application, which is attempting to access that restful service.

First, you must not place your stores via javax.net.ssl.* properties, however use SSL configurations given in WebSphere. Hence comment all these setProperty() calls. Second, you have to include your service server certificate to the trust store

Login to web admin console:

  • Go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates

  • Click on Retrieve from port button, and seclude hostname, 443 port, and Alias.

  • Click On Retrieve singer information button.

  • Accomplish, in case right certificate is imported (parent).

  • Save, and restart.

In few versions, the child certificate was imported (not the root), in that instance, you will have to manually download the root certificate and instanr (for example through browser, and import that one to the NodeDefaultTrustStore, however this time employing Add button, not Retrieve..

I lately had this similar problem with our db provider, they sent me their .crt file and I had to make a keystore with it.

keytool -import -alias "name" -file "/path/to/file" -keystore "/path/to/keystore/file" -storetype pkcs12 -storepass "keystorepass"

then at my main class I identified truststore and truststore pass:

 System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore/file");
 System.setProperty("javax.net.ssl.trustStorePassword", "keystorepass");  

One method to confirm that all of the necessary certificates are in your keystore is employing the “keytool” from the bin directory of the interface in use.

  1. Begin an Administrator Command Prompt.

  2. Navigate to the bin directory of the API method you are employing.

  3. Type keytool –list and review the certificates stocked. You must view at least one Verisign certificate authored by Avalara with an expiration date greater than the current date.

  4. In case not, you may require to recreate the keystore with 'keytool' employing the "genkey" option and re-import your application certificates in case any of the components of the certificate chain are missing or out of date.

10 6 4
31,120 points

Related questions

0 votes
1 answer 5 views
0 votes
1 answer 52 views
52 views
Problem : I have the Java web service client, which consumes the web service via HTTPS. When I try to connect to the service URL (https://AAA.BBB.CCC.DDD:9443/ISomeService ), I get the exception as below: “ Java.security.cert.CertificateException: No subject alternative names present.”
asked Jan 21, 2020 jwilliam 3.9k points
0 votes
1 answer 125 views
125 views
Problem : I have a Java web service client, which consumes a web service via HTTPS. When I connect to the service URL, I get the exception java.security.cert.CertificateException: No subject alternative names present.
asked Oct 22, 2019 peterlaw 6.9k points
0 votes
1 answer 155 views
155 views
Problem : I can push by clone project using ssh but it is not working for me getting following error server certificate verification failed. cafile: /etc/ssl/certs/ca-certificates.crt crlfile: none
asked Nov 12, 2019 peterlaw 6.9k points
0 votes
1 answer 152 views
152 views
Problem : When I installed the final certificate I got the following error: keytool error: java.lang.Exception: Failed to establish chain from reply
asked Oct 23, 2019 peterlaw 6.9k points
0 votes
1 answer 127 views
127 views
Problem : Since I upgraded the existing project with the iOS 9, I keep getting the below error : “An SSL error has occurred and a secure connection to the server cannot be made.”
asked Jan 4, 2020 alecxe 7.5k points
0 votes
1 answer 57 views
57 views
Problem : I guess Chrome have released an update over the past week. And this update has caused at least 100 of our internal applications to throw the exception shown below. The solutions I have found over the Internet, talk about updating the ... there anyone who is aware of a similar fix in Chrome? Error Server has a weak ephemeral Diffie-Hellman public key ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
asked Nov 25, 2019 alecxe 7.5k points
0 votes
2 answers 366 views
366 views
Problem : The bellow error occurs while importing a Sun Java certificate into a Keystore: keytool error: java.lang.Exception: Input not an X.509 certificate
asked Nov 2, 2019 peterlaw 6.9k points