Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

java.security.cert.CertPathValidatorException starting RTC 6.0.6.1 server on Windows

Questions
Tags
Users
Badges
Geoff Alexander
(19623948) edited
Nov 02 '20, 3:36 p.m.
I'm getting the following certificate error when start an RTC 6.0.6.1 server:

[11/2/20 13:30:12:905 EST] 000000d2 com.ibm.ws.ssl.core.WSX509TrustManager                       E CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US was sent from the target host.  The signer might need to be added to local trust store c:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/servers/clm/resources/security/ibm-team-ssl.keystore, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
    java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error
[11/2/20 13:30:13:138 EST] 000000d2 com.ibm.ws.ssl.core.WSX509TrustManager                       E CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US was sent from the target host.  The signer might need to be added to local trust store c:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/servers/clm/resources/security/ibm-team-ssl.keystore, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
    java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error

It looks as though the RTC server is using an IBM signed certificate.  I have no idea where this certificate comes from.  How do I resolve this problem?

Here's the RTC 6.0.61 server information from messages.log:

product = WebSphere Application Server 18.0.0.3 (wlp-1.0.22.cl180320180905-2337)
wlp.install.dir = C:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/wlp/
server.config.dir = c:/Program Files/IBM/JazzTeamServer-6.0.6.1/server/liberty/servers/clm/
java.home = c:\Program Files\IBM\JazzTeamServer-6.0.6.1\server\jre
java.version = 1.8.0_191
java.runtime = Java(TM) SE Runtime Environment (8.0.5.25 - pwa6480sr5fp25-20181030_01(SR5 FP25))
os = Windows 10 (10.0; amd64) (en_US)
process = 23076@DESKTOP-4JM7NCL
Update:  I updated the RTC 6.0.6.1 server from iFix003 to iFix013 to see if that would help with the java.security.cert.CertPathValidatorException.  It did not.







0 votes

0 answers
1,012 views
0 votes

Be the first one to answer this question!

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Nov 02 '20, 2:07 p.m.

Question was seen: 1,012 times

Last updated: Nov 02 '20, 3:36 p.m.

Confirmation Cancel Confirm