Sunita Bhat

PKIX issue with RSA IG&L 7.1Patch01

Discussion created by Sunita Bhat on Aug 1, 2018

Our setup includes RSA ITG&L 7.1 Patch 01 running on RHEL with Wildfly. 

We create our SSL certs and both aveksa.keystore and cacerts are updated with required certs.

The browser connection works well and shows a valid cert.

URL: https://myhost.net:8443/aveksa/main

 

We have an application request form where we are utilizing DropDownSelectWithWebService field type. In here, our dropdown is invoking a Webservice call to itself (https://myhost:8443/aveksa/command.submit?cmd=findUsers&returnMaxRows=1&returnColumns=businessunit&format=csv )

 

Issue: At run time this dropdown gives "pkix path building failed sun.security.provider.certpath.suncertpathbuilderexception".

 

This used to work just fine in 7.0 version.

 

Question: In this scenario where a webservice hosted on myhost is being called by myhost application form,

which keystore should hold the client cert and which one should hold server cert?

Outcomes