Symptom
Errors similar to those below are found in various FME Flow (formerly FME Server) or Tomcat log files.javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:sun.security.provider.certpath.SunCertPathBuilderException: unable to findvalid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target
Cause
The certificate used for SSL has not been imported into the FME Flow cacerts truststore or is a self-signed certificate.
Resolution
Obtain a copy of the CER or CRT file and import it into the FME Server cacerts truststore.
- Login to FME Flow using a web browser (e.g. Google Chrome, as shown below)
- View the “Certificate Information”
- Click the Certificate Details tab and "Export"
- Save as a “Base64 encoded ASCII, single certificate (*.pem,*.crt)” to local disk (e.g. <certpath>\mycert.crt)
- Using the Command Prompt (as an Administrator), change the directory to <FMEFlow>\Utilities\jre\bin
- Enter the following command, making the appropriate changes to <FMEFlow>, <certpath> and the Alias value. If you wish to import all the certificates in the keystone into the trusted cacerts file you can remove the alias parameter:
keytool -import -trustcacerts -keystore "<FMEFlow>\Utilities\jre\lib\security\cacerts" -storepass changeit -noprompt -alias mycert -file "<certpath>\mycert.crt"
- Restart FME Flow and try submitting a job.
Comments
0 comments
Please sign in to leave a comment.