Esri / arcgis-cookbook

Chef cookbooks for ArcGIS
Apache License 2.0

Enhance SSL config options to allow support for Root, Intermediate, and Full Cert Chain #391

Open J-J-E opened 2 weeks ago

J-J-E commented 2 weeks ago

Currently, this is a limitation of the current cookbooks. At this time the cookbooks can only import the root cert and signed cert (pfx). This leads to missing functionality within portal for processes that rely on internal communication between the portal and server machines (only tested with enterprise primary single machine base deployment).

Without importing the intermediate certificate and the full certificate chain, the option to save credentials when adding a secure service from the federated server is missing in the web UI, and when attempting to do it programmatically through the web API, users will encounter this error:

Invalid SSL certificate found. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Manually importing the root, intermediate, and signed cert (using the checkbox to import the certificate chain) resolves these error logs and the UI functionality returns.

Here is the link to the discussion between @cameronkroeker and myself.

I have also requested this to be filed as an enhancement request with my Esri Support Rep under Esri Case ENH-000168761
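
The failure mode reported above, reproduced offline with OpenSSL as an added example (not part of the original issue or of the cookbooks): a throwaway root, intermediate and leaf are generated, and validation of the leaf fails when the verifier holds only the root, then succeeds once the intermediate is supplied. OpenSSL reports the missing link as "unable to get local issuer certificate", the counterpart of the Java PKIX path building error quoted in the issue; all subjects, file names and the hostname are constructed.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# All subjects, file names and the hostname are made up for the demo.
set -eu

build_chain() {  # $1 = empty working directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:portal.example.test
EOF
  for n in root int leaf; do   # one key and CSR per tier
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=Demo $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # Root is self-signed; it signs the intermediate; the intermediate signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/pki.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/pki.cnf" -extensions ca \
    -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -extfile "$d/pki.cnf" -extensions leaf \
    -out "$d/leaf.pem" 2>/dev/null
}

# Trust store holds only the root: no path from the leaf to a trusted anchor.
verify_root_only() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"; }

# Same trust anchor, but the intermediate is available for path building.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem"
}

work=$(mktemp -d)
build_chain "$work"
if verify_root_only "$work"; then echo "unexpected: verified without intermediate"
else echo "root only: path building failed (missing intermediate)"; fi
verify_with_intermediate "$work" && echo "root + intermediate: chain OK"
rm -rf "$work"
```
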