Troubleshooting
Problem
Logging in with the IBM Identity Insight Visualizer returns 'Invalid username/password' even when the username and password have been confirmed to be accurate.
Symptom
The javaws.log shows:
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 103 more
Feb 10, 2011 5:43:55 PM null null
SEVERE: ssl.certificate.end.date.invalid.CWPKI0312E
Feb 10, 2011 5:43:55 PM
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket
AWT-EventQueue-0
SEVERE: JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and
server could not negotiate the desired level of security. Reason:
com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl
could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued
by CN=bcdhost, OU=Root Certificate, OU=DefaultCell, OU=DefaultNode,
O=IBM, C=US is not trusted;
Cause
This type of error usually stems from importing certificates from Websphere. eWAS holds the files that EAS downloads to the Visualizer client PC. If these files are corrupted then it will always download bad files to the user.
Diagnosing The Problem
The eWAS has to generate its own SSL certificate on installation, so if there is something wrong with the certificate then that could be the problem. If multiple clients fail, it signals a problem on the server side.
Resolving The Problem
Reinstall EAS to resolve the corrupted certificate problem on the server.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21470457