Troubleshooting
Problem
When attempting to access any IBM Maximo Optimizer application through the UI, users may encounter failures due to Liberty being unable to establish secure HTTPS connections required for authentication and API communication.
This issue occurs when Liberty is configured with a PKCS12 truststore that does not contain the complete certificate chain and is not allowed to use JVM default CAs.
Symptom
Users report that the Optimizer UI fails to load, fails authentication, or becomes inaccessible.
Liberty logs in the Optimizer API pod show TLS handshake failures similar to the following:
[ERROR ] CWPKI0823E: SSL HANDSHAKE FAILURE: A signer with SubjectDN [CN=admin.optidev.ibmmasfvt.com] was sent from the host [auth.<domain>:443]. The signer might need to be added to local trust store [/etc/optimizer/certs/truststore/truststore.p12], located in SSL configuration alias [defaultSSLConfig]. The extended error message from the SSL handshake exception is: [PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target].
During authentication or JWT validation, you may also see:
CWWKS6031E: The JSON Web Token (JWT) consumer [jwtConsumer] cannot process the token string.CWWKS6051E: Cannot retrieve JSON Web Key (JWK) from URL [https://auth.<domain>/oidc/endpoint/MaximoAppSuite/jwk].PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
These errors prevent the Optimizer UI from completing authentication and loading correctly.
Document Location
Worldwide
Log InLog in to view more of this document
Was this topic helpful?
Document Information
Modified date:
25 February 2026
UID
ibm17261689