000035162 - RSA Identity Management and Governance SSLHandshakeException when using a custom Java workflow node on Red Hat Enterprise Linux (RHEL)

Document created by RSA Customer Support Employee on May 23, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035162
Applies ToRSA Product Set: Identity Management and Governance
RSA Version/Condition: 7.0
O/S Version: Red Hat Enterprise Linux
IssueWhen executing a custom Java workflow node that connects to a remote system, you may receive the following error:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The issuer certificates used to sign the remote system's certificates have been added to $JAVA_HOME/lib/security/cacerts and /home/oracle/keystore.
CauseRed Hat Enterprise Linux (RHEL) may be using a different keystore than expected. Certificates added to $JAVA_HOME/lib/security/cacerts and /home/oracle/keystore may not be recognized by the JRE.
ResolutionAdd your issuer certificates to the keystore located in /etc/pki/java/cacerts using the keytool utility. Below is an example of the syntax needed:
keytool -import -alias Aveksa -file MyTrustedIssuer.cer -keystore /etc/pki/java/cacerts

For more information, consult the documentation on keytool from Oracle.