AnsweredAssumed Answered

PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate verify failed!

Question asked by Devani Nagaratnam on Jul 18, 2017
Latest reply on Jul 18, 2017 by Boris Lekumovich

Hi All,

 

Daniel Cinnamon

 

I am facing issue while doing the AFX server installation in clustered environment. We have migrated the database from standalone to the clustered environment. I am installing the AFX in Host Controller and I am getting the below error. I have updated the Server and client keystore, but still seeing the below errors in the AFX-INIT Log and AFX-Main Log.

I have attached both the log files for reference. Using Version 7.0.1 (No Patch). Please let me know the suggestions.

 

 

AFX - INIT Log Errors:

 

2017-07-18 06:13:23.405 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:156 - Error submitting initialization request to RSA Identity Governance and Lifecycle server!

2017-07-18 06:13:23.405 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:162 - Unable to establish secure (SSL) connection with RSA Identity Governance and Lifecycle server.

2017-07-18 06:13:23.406 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:176 - Please verify that all steps have been properly executed for enabling secure communication between RSA Identity Governance and Lifecycle server and remote components such as AFX.

2017-07-18 06:13:23.406 [ERROR] com.aveksa.afx.server.init.ServerInitializationComponent:79 - Server initialization failed! Please correct the issue and restart AFX.

 

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate verify failed!

        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)

        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)

        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)

        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

        at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:150)

        at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)

        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)

        at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)

        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)

        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)

        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)

        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)

        at org.mule.transport.http.HttpClientMessageDispatcher.execute(HttpClientMessageDispatcher.java:144)

        ... 117 more

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate verify failed!

        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)

        at sun.security.validator.Validator.validate(Validator.java:260)

        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)

        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)

        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)

        ... 135 more

Caused by: java.security.cert.CertPathValidatorException: Certificate verify failed!

        at com.rsa.cryptoj.o.qm.a(Unknown Source)

        at com.rsa.cryptoj.o.qm.a(Unknown Source)

        at com.rsa.cryptoj.o.ql.engineValidate(Unknown Source)

        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)

        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)

        ... 141 more

 

 

 

 

AFX Main-Log

 

2017-07-18 05:36:16.613 [ERROR] org.mule.module.launcher.application.DefaultMuleApplication:361 - null
java.lang.IllegalArgumentException: Could not resolve placeholder 'afx.server.activemq.password' in string value "${afx.server.activemq.password}"
at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:173)
at org.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:125)
at org.springframework.beans.factory.config.PropertyPlaceholderConfigurer$PlaceholderResolvingStringValueResolver.resolveStringValue(PropertyPlaceholderConfigurer.java:258)

 

 

 

Thanks & Regards,

Devani N

Outcomes