IBM Support

How to add the signer/public key/remote server certificate to the WebSphere Application Server truststore trust.p12 or java truststore cacerts?

How To


Summary

The following SSL handshake failure error messages are displayed in the SystemOut.log. If the remote server certificate is missing under WebSphere Application Server truststore trust.p12 or java truststore cacerts

CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US" was sent from target host:port "www.ibm.com:443". The signer may need to be added to local trust store "C:/WASv9.0/profiles/AppSrv02/config/cells/DESKTOP-N26SS9TCell02/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml". The extended error message from the SSL handshake exception is: "PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target".



javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.jsse2.g.a(g.java:56)
at com.ibm.jsse2.bb.a(bb.java:184)

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m50000000CdL1AAK","label":"WebSphere Application Server traditional-All Platforms-\u003ESecurity-\u003ESSL-\u003ESSL - Certificates"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
03 March 2025

UID

ibm16590877

Page Feedback