Certificate chaining error
Our builds publish URLs to directories on a file server (where build output is staged). In 3.0.1.4 (rich client and server) opening the link would open a browser. After upgrading to 4.0.3 (rich client and server) trying to open the link results in:
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error javax.net.ssl.SSLHandshakeException I can successfully open the link directly in a browser. I can also paste the link into a work item and click on it (1st time I get a dialog warning about an invalid cert but am allowed to proceed). I expect the same dialog when opening a link from the download tab of a build result but instead get the error (above). What can we do to get this working like it did in 3.0.1.4? |
One answer
If I understand right you're trying to bounce out to another server from RTC UI ?
Sounds like the JRE (for RTC) certificate file doesn't contain the signing certificate Did your application server/jre change. If your application server is Tomcat try running keytool on the cacerts file thus: keytool -list -keystore jre/lib/security/cacerts -storepass .... ( I know the default is 'changeit' but it could be different ) and look for your IBM issued certificate If WAS, you could get the certificate into the DefaultTrustStore by importing from a given host or port. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.