KB Article #176191

DIAGI 260 with CFTJ00E javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.cer

Problem

--CFTJ00E javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.cer
--New partner's certificates loaded into the CFT PKI

Resolution

--The message relates an issue building the certificate chain
--There is no certificate in the pki database that matches the issuer of the certificate
--Verify with the the certificates chain needed to validate the certificate
--ensure the PKI is loaded with all needed certificates for the chain

Note:

Below traces are needed for the support and can help to find what certificate chain is in error:

- Activate java traces (change the value of the uconf:cft.jre.start_options to include the option "-Djavax.net.debug=all");
- Start cft;
- Do a transfer with the partner where the issue occurs;
- Generate a cft_support

The trace from the jre will be located in log\cftjre.log
That trace permit to check exactly which certificate chain both parts are using and why they don't match.

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.