This is an archive of the Maximo Yahoo Community. The content of this pages may be a sometimes obsolete so please check post dates.
Thanks to the community owner Christopher Wanko for providing the content.
Hey Gang,
Has anyone tried to post to a HTTPS URL through Maximo? I can post via Firefox poster without a problem, but when I try to send it via Maximo, I get the following error. Any ideas??
nullBMXAA1477E - The connection failed to the HTTP handler for the
endpoint.com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not
build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by
CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US is
not trusted; internal cause is: java.security.cert.CertPathValidatorException:
Certificate chaining error
thanks,
John
John,
It appears the web service you have Maximo posting to (I'm assuming Maixmo
is initiating) uses a certificate that Maximo's application server (looks
to be WebSphere by the endpoint.com.ibm.jsse2.util.g class name) does not
trust.
Did you self-sign the SSL certificate? If so you will need to add the CA
certificate to WebSphere's trust.
Basically, the CA cert needs to be trusted so that SSL certificates signed
by the CA certificate will be trusted. If this was signed by an external
authority like Thawte, Globalsign, etc... You may need to add their CA
certificate to WebSphere's trust. I'm guessing "DigiCert Inc," is a
standard third party authority like Thawte or Globalsign.
In the end this error is usually from a certificate's "trust chain"
terminating in an untrusted CA certificate.
On Wed, Jul 24, 2013 at 11:05 AM, John Ballnik <jballnik@yahoo.com> wrote:
> **
>
>
> Hey Gang,
>
> Has anyone tried to post to a HTTPS URL through Maximo? I can post via
> Firefox poster without a problem, but when I try to send it via Maximo, I
> get the following error. Any ideas??
>
> nullBMXAA1477E - The connection failed to the HTTP handler for the
> endpoint.com.ibm.jsse2.util.g: PKIX path building failed:
> java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could
> not
> build a valid CertPath.; internal cause is:
> java.security.cert.CertPathValidatorException: The certificate issued by
> CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc,
> C=US is
> not trusted; internal cause is:
> java.security.cert.CertPathValidatorException:
> Certificate chaining error
>
> thanks,
> John
>
>
>
>
>
--
\\\|///
\\ - - //
( @ @ )
+-------oOOo-(_)-oOOo-------+
| Greg Aluise |
| galuise@gmail.com |
+---------------Oooo--------+
oooO ( )
( ) ) /
\ ( (_/
\_)
John,
The trickiest part of solving this issue is finding the correct keystore
has WebSphere has many keystore files scattered throughout its directories.
You can also add signer certificates from within the WebSphere console, Security > SSL Certificate and key management > Key stores and certificates > CellDefaultTrustStore > Singner certificates.
-Chris H
-----Original Message-----
From: MAXIMO@yahoogroups.com [mailto:MAXIMO@yahoogroups.com] On Behalf Of Greg Aluise
Sent: Wednesday, July 24, 2013 12:15 PM
To: MAXIMO@yahoogroups.com
Subject: Re: [MAXIMO List] SSL With Web Services
John,
The trickiest part of solving this issue is finding the correct keystore
has WebSphere has many keystore files scattered throughout its directories.