SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000038716
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x, 7.2.x
RSA Version/Condition: 7.0.x, 7.1.x, 7.2.x
Issue
After creating a RESTful web service AFX connector, the connector shows with a Running status but a test of the connector fails with:
Image description
Image description
Image description
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path.
- Connector in a Running state:
Image description- Output from a test of the connector:
Image description- Accessing the same URL via a REST/SOAP tool has no issues:
Image descriptionCause
The SSL certificate for the REST API URL being accessed is not trusted in the RSA Identity Governance & Lifecycle truststore.
Resolution
Download the SSL certificate used by the URL being accessed and load it into the truststore. The example below shows how to obtain the certificate using Firefox and add the certificate to the truststore.
Image description
- Launch Firefox.
- Open the URL being accessed by the AFX RESTful web service connector.
- In the left-hand corner, click on the lock icon or the Info button to see the certificate issuer.
- Click the > at the right for more details.
- Click the More Information button.
- Click View Certificate.
Image description- Scroll down until you see the Download option:
PEM (cert) PEM (chain)
- Click on PEM (cert) to download the certificate in PEM format.
- Import the certificate to the JVM cacert as the root user:
keytool -importcert -alias startssl -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file <path to the cert saved in step 7a>
- After importing the certificate, restart the AFX server as the afx user:
afx stop afx start
In this article
