It's all about the answers!

Ask a question

java.security.cert.CertPathValidatorException starting RTC 6.0.6.1 server on Windows


Geoff Alexander (19623947) | asked Nov 02 '20, 2:07 p.m.
edited Nov 02 '20, 3:36 p.m.
I'm getting the following certificate error when start an RTC 6.0.6.1 server:

[11/2/20 13:30:12:905 EST] 000000d2 com.ibm.ws.ssl.core.WSX509TrustManager                       E CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US was sent from the target host.  The signer might need to be added to local trust store c:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/servers/clm/resources/security/ibm-team-ssl.keystore, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
    java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error
[11/2/20 13:30:13:138 EST] 000000d2 com.ibm.ws.ssl.core.WSX509TrustManager                       E CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US was sent from the target host.  The signer might need to be added to local trust store c:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/servers/clm/resources/security/ibm-team-ssl.keystore, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
    java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error

It looks as though the RTC server is using an IBM signed certificate.  I have no idea where this certificate comes from.  How do I resolve this problem?

Here's the RTC 6.0.61 server information from messages.log:

product = WebSphere Application Server 18.0.0.3 (wlp-1.0.22.cl180320180905-2337)
wlp.install.dir = C:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/wlp/
server.config.dir = c:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/servers/clm/
java.home = c:\Program Files\IBM\JazzTeamServer-6.0.6.1\server\jre
java.version = 1.8.0_191
java.runtime = Java(TM) SE Runtime Environment (8.0.5.25 - pwa6480sr5fp25-20181030_01(SR5 FP25))
os = Windows 10 (10.0; amd64) (en_US)
process = 23076@DESKTOP-4JM7NCL
Update:  I updated the RTC 6.0.6.1 server from iFix003 to iFix013 to see if that would help with the java.security.cert.CertPathValidatorException.  It did not.







Be the first one to answer this question!


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.