Tags: validation, ssl, certificate, solaris, websphere-8

Certificate Exception Websphere Application


We are trying to connect to an application hosted on WebSphere from a Solaris host. A keystore has been configured on the JVM hosting the application.

The issue appears when we try to access it from a remote host; it gives the following exception:

Connecting to Authorization Gateway at https://gde_poc_crdh.service.anz:443/ag-dev...

Error connecting to Authorization Gateway: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We have tried extracting the certificates from the JVM keystore and adding them to the host keystore, but it does not work.

How to fix this?


Solution

  • You have to include the server public certificate in the whitelist of your client JRE (the truststore)

    Options

    1) Include the server certificate in the JRE truststore (jre/lib/security/cacerts) (not recommended)

    2) Use your own truststore and include the server certificate (recommended)

     System.setProperty("javax.net.ssl.trustStore", path_to_your_truststore_jks_file);
     System.setProperty("javax.net.ssl.trustStorePassword", "password");
    

    3) Disable trustStore validation by setting your own TrustManager (not recommended at all)

    See details https://stackoverflow.com/a/37987359/6371459
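
A per-connection variant of option 2, as an added example that is not part of the original answer: it loads a dedicated JKS truststore, lists its entries so you can confirm the server certificate was imported into the file the client actually reads, and uses it for one HTTPS connection with certificate validation left on. The class name `TrustStoreClient` and the three command-line arguments are assumptions; it needs Java 7 or later.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; arguments: <truststore.jks> <password> <https-url>
public class TrustStoreClient {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreClient <truststore.jks> <password> <https-url>");
            System.exit(2);
        }
        // Load the dedicated truststore (option 2) instead of editing jre/lib/security/cacerts.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            trustStore.load(in, args[1].toCharArray());
        }
        // Show what the store actually contains, to confirm the import landed in this file.
        for (String alias : Collections.list(trustStore.aliases())) {
            System.out.println(alias + (trustStore.isCertificateEntry(alias)
                    ? " (trusted certificate)" : " (key entry)"));
        }
        // Build trust managers from this store only; normal PKIX validation stays enabled.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        // Apply the context to this connection only; hostname verification is left at its default.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(10000);
        int status = 0;
        try {
            System.out.println("handshake OK, HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            System.err.println("not trusted by " + args[0] + ": " + e.getMessage());
            status = 1;
        } finally {
            conn.disconnect();
        }
        System.exit(status);
    }
}
```

If the handshake still fails with the PKIX error while the expected alias is listed, the store holds a different certificate than the one the server presents, or the issuing CA certificate is missing from it.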