|Applies To||RSA Product Set: Identity Management and Governance|
RSA Version/Condition: 7.0
O/S Version: Red Hat Enterprise Linux
|Issue||When executing a custom Java workflow node that connects to a remote system, you may receive the following error:|
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
The issuer certificates used to sign the remote system's certificates have been added to $JAVA_HOME/lib/security/cacerts and /home/oracle/keystore.
|Cause||Red Hat Enterprise Linux (RHEL) may be using a different keystore than expected. Certificates added to $JAVA_HOME/lib/security/cacerts and /home/oracle/keystore may not be recognized by the JRE.|
|Resolution||Add your issuer certificates to the keystore located in /etc/pki/java/cacerts using the keytool utility. Below is an example of the syntax needed:|
keytool -import -alias Aveksa -file MyTrustedIssuer.cer -keystore /etc/pki/java/cacerts
For more information, consult the documentation on keytool from Oracle.