KB Article #176191
DIAGI 260 with CFTJ00E javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.cer
Problem
--CFTJ00E javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.cer--New partner's certificates loaded into the CFT PKI
Resolution
--The message relates an issue building the certificate chain--There is no certificate in the pki database that matches the issuer of the certificate
--Verify with the the certificates chain needed to validate the certificate
--ensure the PKI is loaded with all needed certificates for the chain
Note:
Below traces are needed for the support and can help to find what certificate chain is in error:
- Activate java traces (change the value of the uconf:cft.jre.start_options to include the option "-Djavax.net.debug=all");
- Start cft;
- Do a transfer with the partner where the issue occurs;
- Generate a cft_support
That trace permit to check exactly which certificate chain both parts are using and why they don't match.