IBM Support

"Certificate chaining error" and invalid IBM Identity Insight Visualizer login

Troubleshooting


Problem

Logging in with the IBM Identity Insight Visualizer returns 'Invalid username/password' even when the username and password have been confirmed to be accurate.

Symptom

The javaws.log shows:

Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error

at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)

at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)

... 103 more

Feb 10, 2011 5:43:55 PM null null

SEVERE: ssl.certificate.end.date.invalid.CWPKI0312E

Feb 10, 2011 5:43:55 PM

com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket

AWT-EventQueue-0

SEVERE: JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and

server could not negotiate the desired level of security. Reason:

com.ibm.jsse2.util.g: PKIX path building failed:

java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl

could not build a valid CertPath.; internal cause is:

java.security.cert.CertPathValidatorException: The certificate issued

by CN=bcdhost, OU=Root Certificate, OU=DefaultCell, OU=DefaultNode,

O=IBM, C=US is not trusted;

Cause

This type of error usually stems from importing certificates from Websphere. eWAS holds the files that EAS downloads to the Visualizer client PC. If these files are corrupted then it will always download bad files to the user.

Diagnosing The Problem

The eWAS has to generate its own SSL certificate on installation, so if there is something wrong with the certificate then that could be the problem. If multiple clients fail, it signals a problem on the server side.

Resolving The Problem

Reinstall EAS to resolve the corrupted certificate problem on the server.

[{"Product":{"code":"SS2HSB","label":"InfoSphere Identity Insight"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF033","label":"Windows"},{"code":"PF002","label":"AIX"},{"code":"PF025","label":"Platform Independent"},{"code":"PF027","label":"Solaris"},{"code":"PF016","label":"Linux"},{"code":"PF010","label":"HP-UX"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
16 June 2018

UID

swg21470457