VERIFIED SOLUTION i
X

Resolve PKIX path building failed error in Spectrum

Issue

The jobexecutor tool provides the below error:

java.lang.RuntimeException: Problem logging into server 
at com.pb.spectrum.platform.server.common.security.RemoteSpectrumHttpSession.login(RemoteSpectrumHttpSession.java:59)
at com.g1.dcg.job.JobExecutor.executeJob(JobExecutor.java:87) 
at com.g1.dcg.job.JobExecutor.executeJob(JobExecutor.java:81) 
at com.g1.dcg.job.Main.execute(Main.java:70) 
at com.g1.dcg.job.Main.main(Main.java:23) 
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://server:8443/security/rest/token/access/remotehost/0": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607) 
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:572) 
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:280) 
at com.pb.spectrum.platform.server.common.security.RemoteSpectrumHttpSession.login(RemoteSpectrumHttpSession.java:52)
... 4 more 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) 
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) 
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) 
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) 
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) 
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) 
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) 
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) 
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) 
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) 
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) 
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) 
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) 
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) 
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) 
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) 
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) 
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) 
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) 
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) 
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) 
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:91) 
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) 
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:596) 
... 7 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) 
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
at sun.security.validator.Validator.validate(Validator.java:260) 
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) 
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) 
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) 
... 30 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) 
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) 
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) 
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) 
... 36 more 
Problem logging into server) 

Cause

The jobexecutor tool is unable to retrieve the certificate needed to make a secure connection to the Spectrum server in order to make the request.

Resolution

UPDATED: September 13, 2017


You need to import the certificate into the 64 bit JVM folder.

keytool -importcert -alias machineName -file pathtoCert\certFilename.cer -keystore "C:\Program Files\Pitney Bowes\Spectrum\java64\jre\lib\security\cacerts" -storepass changeit -noprompt

Environment Details

Product affected: Spectrum™ Technology Platform

Operating System: Windows, Linux, UNIX

Versions: 9 SP3, 10 SP1, 11 SP1, 12.0

 

Downloads

  • No Downloads