Troubleshooting
Problem
In IBM Engineering Lifecycle Management (ELM) products, an SSL handshake error is reported on application server startup. This issue does not usually affect the operation of the application server, but creates log noise.
Symptom
In WebSphere Application Server, the error is recorded in the SystemErr.log.
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error
In WebSphere Application Server Liberty, the error is recorded in messages.log.
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error com.ibm.ws.ssl.core.WSX509TrustManager checkServerTrusted" at ffdc_20.05.01_14.11.07.0.log
CWPKI0823E: SSL HANDSHAKE FAILURE: A signer with SubjectDN [CN=www.ibm.com, O=IBM, L=Armonk, ST=New York, C=US] was sent from the host [www.ibm.com:443]. The signer might need to be added to local trust store [C:/Program Files/IBM/JazzTeamServer701/server/liberty/servers/clm/resources/security/ibm-team-ssl.p12], located in SSL configuration alias [defaultSSLConfig]. The extended error message from the SSL handshake exception is: [PKIXCertPathBuilderImpl could not build a valid CertPath.].
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPRJQ","label":"IBM Engineering Lifecycle Management Base"},"ARM Category":[{"code":"a8m0z000000blLAAAY","label":"Jazz Team Server-\u003EJazz Foundation Services-\u003ERepository"}],"ARM Case Number":"TS003693506","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
22 July 2020
UID
ibm16240804