Certificate chaining error
Our builds publish URLs to directories on a file server (where build output is staged). In 3.0.1.4 (rich client and server) opening the link would open a browser. After upgrading to 4.0.3 (rich client and server) trying to open the link results in:
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
javax.net.ssl.SSLHandshakeException
I can successfully open the link directly in a browser.
I can also paste the link into a work item and click on it (1st time I get a dialog warning about an invalid cert but am allowed to proceed).
I expect the same dialog when opening a link from the download tab of a build result but instead get the error (above). What can we do to get this working like it did in 3.0.1.4?
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
javax.net.ssl.SSLHandshakeException
I can successfully open the link directly in a browser.
I can also paste the link into a work item and click on it (1st time I get a dialog warning about an invalid cert but am allowed to proceed).
I expect the same dialog when opening a link from the download tab of a build result but instead get the error (above). What can we do to get this working like it did in 3.0.1.4?
One answer
If I understand right you're trying to bounce out to another server from RTC UI ?
Sounds like the JRE (for RTC) certificate file doesn't contain the signing certificate Did your application server/jre change. If your application server is Tomcat try running keytool on the cacerts file thus:
keytool -list -keystore jre/lib/security/cacerts -storepass .... ( I know the default is 'changeit' but it could be different )
and look for your IBM issued certificate
If WAS, you could get the certificate into the DefaultTrustStore by importing from a given host or port.
Sounds like the JRE (for RTC) certificate file doesn't contain the signing certificate Did your application server/jre change. If your application server is Tomcat try running keytool on the cacerts file thus:
keytool -list -keystore jre/lib/security/cacerts -storepass .... ( I know the default is 'changeit' but it could be different )
and look for your IBM issued certificate
If WAS, you could get the certificate into the DefaultTrustStore by importing from a given host or port.