
SSL Handshake Failure between IBM Liberty and Cloudant


I am running an IBM Liberty server (on IBM Container) in https with a self signed certificate (described in server.xml).

I am connecting to IBM cloudant database for my DB needs. Everything worked fine until I switched my liberty server to https. I am getting the following exception

[ERROR   ] CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host.  The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error

I followed the documentation here https://www.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/t_install_datastore_config_certificates.html to import the cloudant certificate generated by openssl s_client -connect cloudant.com:443 -showcerts > cloudant.cert to the liberty truststore, but that did not resolve the issue.

Your help is appreciated.


Solution

  • Try with: openssl s_client -connect xxxxx-bluemix.cloudant.com:443 where xxxxx-bluemix.cloudant.com refers to your Bluemix Cloudant service instance.

    You can get the service instance domain by launching the Cloudant dashboard in Bluemix from your Cloudant service instance. Click on the API tab on the top right.
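As an added example (not code from the question, the answer, or IBM), the script below does the two things the answer and the error message point at: it fetches the chain from the actual service hostname (sending that hostname as SNI, so a virtually hosted endpoint returns the certificate for that name) and splits the `-showcerts` output into one PEM file per certificate, so that the issuer certificates can be imported into the Liberty truststore individually rather than only the first certificate of a raw `s_client` capture. The error text names `CN=DigiCert High Assurance EV Root CA` as the issuer that is "not trusted", which is the chain, not the `*.cloudant.com` leaf, that `key.jks` is missing. The hostname, truststore path, password and the sample `s_client` output are all assumptions; the base64 bodies in the sample are placeholders, not real certificates.

```shell
#!/bin/sh
# Added example, not from the original post or from IBM/Cloudant.
# Assumed hostname; replace with your own xxxxx-bluemix.cloudant.com instance.
HOST="${HOST:-xxxxx-bluemix.cloudant.com}"
# Assumed truststore path and password (defaults seen on a Liberty install).
TRUSTSTORE="${TRUSTSTORE:-/opt/ibm/wlp/output/defaultServer/resources/security/key.jks}"
STOREPASS="${STOREPASS:-Liberty}"

# Fetch the full chain the server sends. -servername adds SNI so the right
# virtual host answers; </dev/null closes the session after the handshake.
fetch_chain() {
    host=$1
    openssl s_client -connect "$host:443" -servername "$host" -showcerts </dev/null 2>/dev/null
}

# Split s_client output on stdin into $1/cert-0.pem, $1/cert-1.pem, ...
# (cert-0 is the leaf, higher numbers are the intermediates/root sent by the
# server). Prints the number of certificates found.
split_chain() {
    dir=$1
    mkdir -p "$dir"
    awk -v dir="$dir" '
        BEGIN { n = 0; inside = 0 }
        /-----BEGIN CERTIFICATE-----/ { out = dir "/cert-" n ".pem"; n++; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n }'
}

# Import every certificate above the leaf (the issuers) into the truststore
# under its own alias. Requires keytool from the JDK that runs Liberty.
import_issuers() {
    dir=$1; store=$2; pass=$3
    for f in "$dir"/cert-*.pem; do
        [ "$f" = "$dir/cert-0.pem" ] && continue   # skip the leaf
        alias=$(basename "$f" .pem)
        echo "importing $(openssl x509 -in "$f" -noout -subject) as $alias"
        keytool -importcert -noprompt -trustcacerts -alias "$alias" \
            -file "$f" -keystore "$store" -storepass "$pass"
    done
}

# Constructed sample of s_client -showcerts output (placeholder bodies), used
# so the splitting logic can be exercised offline.
SAMPLE='CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
---
Certificate chain
 0 s:/CN=*.cloudant.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 High Assurance Server CA
-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
BBBB
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=*.cloudant.com'

if [ "${1:-}" = "fetch" ]; then
    # Real run: fetch from the instance, split, import the issuers, restart Liberty afterwards.
    work=$(mktemp -d)
    count=$(fetch_chain "$HOST" | split_chain "$work")
    echo "server sent $count certificate(s)"
    import_issuers "$work" "$TRUSTSTORE" "$STOREPASS"
else
    # Offline demo on the constructed sample.
    demo=$(mktemp -d)
    count=$(printf '%s\n' "$SAMPLE" | split_chain "$demo")
    echo "sample chain split into $count file(s) under $demo"
fi
```

Run it as `sh script.sh fetch` on the Liberty host to do the real import; without an argument it only splits the embedded sample. After importing, restart the server so `defaultSSLConfig` re-reads `key.jks`, and confirm with `keytool -list -keystore key.jks` that the DigiCert issuer aliases are present.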