Hi All,

We are facing the https certificate problem in accessing one of our URLs, which was working earlier properly. We are having the certificate now also in SMP Key store, but still we are getting this error. From the server machine we are able to access the url properly in browsers, so there is no problem in accessing the URL. What will be the reason for this issue. Please find the server logs.

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)

  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

  at sun.security.validator.Validator.validate(Validator.java:260)

  at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)

  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)

  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)

  at com.sap.esb.security.impl.delegates.X509TrustManagerDelegate.checkServerTrusted(X509TrustManagerDelegate.java:48)

  at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:885)

  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)

  ... 593 common frames omitted

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)

  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)

  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

Things which we have did already,

1.Directly from SMP Cockpit removing the existing certificate and try to import the new one.

     -We are able to remove the certificate  and got successful message.

     -Importing the new certificate, getting an error says will not be able to import the certificate. It gives following error.

                    Import Failure: 500

                    Service Exception occured during import X509 certificate:

                    !IMPORT_X509_CERTIFICATE_FAIL: ![]Save keystore fail

2. So after removing the certificates, we have restarted the server and try to import new certificate, but surprisingly we still have the older certificate

None of the above steps was successful.

Please help us in solving this issue.

-Dinesh C R