"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

The solution is to import the LDAP server's public key into UCM Java's default keystore in $JAVA_HOME/jre/lib/security/cacerts file using $JAVA_HOME/bin/keytool command 

1. In Linux or Unix, if not already set, add write permissions to the <Java home>/jre/lib/security/cacerts file

2. To find the JVM used by the UCM

          a. In the UCM go to Administration --> Configuration for <instance>

          b. Select the Java Properties link

          c. Look for the java.home setting

          Example: java.home /usr/java/jdk1.6.0_20/jre

3. On the system place the LDAP SSL certificate in an accessible location

4. From a Command Window or shell run the following command:

Note: The command must be all on one line, <java home> must match the server’s JVM version, <myserver.company.com> must match the WCC server's certificate’s “Ïssued to:” value, and ./<cert file> must match the location and name of the WCC's SSL certificate file
<java home>/bin/keytool -keystore <java home>/jre/lib/security/cacerts -import -alias <myserver.company.com> -file ./<cert file> 

Example (all on one line):

/usr/java/jdk1.6.0_20/bin/keytool -keystore /usr/java/jdk1.6.0_20/jre/lib/security/cacerts -import -alias myserver.company.com -file /tmp/my-server.crt
5. Restart the Admin servers for Webcenter Content and restart the Webcenter Content Managed Servers.
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed