OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

SSLHandShake exception even though I added the jks file to the truststore #13945

Open jainchirag21064 opened 4 years ago

jainchirag21064 commented 4 years ago

Hi, I have added a JKS file in the config/resources/security folder of my Open Liberty application. When I build the application it adds the JKS file to wlp/usr/servers/defaultServer/resources/security/myKey.jks

But still, when I run the application the keystore is not created; also, when it triggers the external service for which the SSL handshake is required, it gives me the error below:

A signer with SubjectDN [C=COUNTRYCODE, L=LOCATION, O=orgname., OU=UnitName, CN=CNName] was sent from the host [Host domain]. The signer might need to be added to local trust store [/wlpExtract/app_18489337952462/wlp/usr/servers/defaultServer/resources/security/myKey.jks], located in SSL configuration alias [customizeSSLConfig]. The extended error message from the SSL handshake exception is: [PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target].

I have added the following in the server.xml file:

```xml
<sslDefault sslRef="customizeSSLConfig"/>
<ssl id="customizeSSLConfig" keyStoreRef="serverKeyStore" trustStoreRef="serverTrustStore" sslProtocol="TLSv1.2"/>
<keyStore id="serverKeyStore" location="${server.config.dir}/resources/security/myKey.jks" password="liberty" type="JKS"/>
<keyStore id="serverTrustStore" location="${server.config.dir}/resources/security/myKey.jks" password="liberty" type="JKS"/>
```

Is there something I missed?

acdemyers commented 4 years ago

@jainchirag21064 The trust manager is complaining that a signer is missing from myKey.jks. Is the certificate with subject DN "C=COUNTRYCODE, L=LOCATION, O=orgname., OU=UnitName, CN=CNName" in the myKey.jks file? If it is, make sure the cert from the server and the one from myKey.jks have the same serial number.

If you get a JSSE trace by adding -Djavax.net.debug=all to the server's jvm.options file, recreate the error, and then post the trace.log or messages.log, I can take a look too to see if the trust is in the file.

If the server certificate is CA issued you can use the trustDefaultCerts="true" option on the 'ssl' element to gain access to the JDK's trust.
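The two checks suggested in the comment above (is the signer's certificate in myKey.jks at all, and does its serial number match what the host actually sends) can be done offline with a small Java program. The following is an added example, not Open Liberty code: it lists every entry in the JKS, compares each certificate from the host's chain against the store by subject DN and serial, and then runs the JDK's own PKIX trust manager against the store, which reproduces the "unable to find valid certification path" decision without starting the server. The file names, the store password and the PEM file holding the host's chain (for instance the BEGIN/END CERTIFICATE blocks saved from `openssl s_client -showcerts`) are assumptions for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * TrustStoreCheck: added example, not part of Open Liberty.
 * Usage: java TrustStoreCheck <truststore.jks> <storepass> <server-chain.pem>
 * The file names, password and PEM input are assumptions for this example.
 */
public class TrustStoreCheck {

    /** Lists every certificate entry in the store with its subject DN and serial number. */
    static List<X509Certificate> loadTrusted(KeyStore ts) throws Exception {
        List<X509Certificate> trusted = new ArrayList<>();
        for (Enumeration<String> aliases = ts.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            Certificate c = ts.getCertificate(alias); // trusted-cert entries and key entries alike
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                trusted.add(x);
                System.out.printf("truststore entry %-16s subject=%s serial=%s%n",
                        alias, x.getSubjectX500Principal(), x.getSerialNumber().toString(16));
            }
        }
        return trusted;
    }

    /** Parses one or more PEM (or DER) certificates: the chain the remote host presented. */
    static List<X509Certificate> loadChain(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        return chain;
    }

    /** Is the presented certificate in the store, and with the same serial number? */
    static String compare(X509Certificate presented, List<X509Certificate> trusted) {
        boolean sameSubject = false;
        for (X509Certificate t : trusted) {
            if (t.getSubjectX500Principal().equals(presented.getSubjectX500Principal())) {
                sameSubject = true;
                if (t.getSerialNumber().equals(presented.getSerialNumber())) {
                    return "present in truststore, serial matches";
                }
            }
        }
        return sameSubject ? "same subject DN but a DIFFERENT serial (stale copy of the cert?)"
                           : "not in truststore";
    }

    /** Runs the JDK PKIX trust manager against the store, as a TLS client would. */
    static String pkixVerdict(KeyStore ts, List<X509Certificate> chain) throws Exception {
        if (chain.isEmpty()) {
            return "no certificates parsed from the chain file";
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ts);
        // authType must name a TLS key exchange; pick one that matches the leaf key type
        String leafAlg = chain.get(0).getPublicKey().getAlgorithm();
        String authType = "EC".equals(leafAlg) ? "ECDHE_ECDSA" : "ECDHE_RSA";
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    ((X509TrustManager) tm).checkServerTrusted(
                            chain.toArray(new X509Certificate[0]), authType);
                    return "trusted";
                } catch (CertificateException e) {
                    return "NOT trusted: " + e.getMessage();
                }
            }
        }
        return "no X509TrustManager available";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustStoreCheck <truststore.jks> <storepass> <server-chain.pem>");
            System.exit(2);
        }
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        List<X509Certificate> trusted = loadTrusted(ts);
        List<X509Certificate> chain = loadChain(args[2]);
        for (X509Certificate c : chain) {
            System.out.printf("presented subject=%s issuer=%s serial=%s -> %s%n",
                    c.getSubjectX500Principal(), c.getIssuerX500Principal(),
                    c.getSerialNumber().toString(16), compare(c, trusted));
        }
        System.out.println("PKIX path building against this truststore: " + pkixVerdict(ts, chain));
    }
}
```

Run it against the same file and password that the `keyStore` element in server.xml points at. If the subject DN from the error message is reported as "not in truststore", the signer (or its issuing CA) still has to be imported, for example with `keytool -importcert -keystore myKey.jks -alias <alias> -file <signer.pem>`; if it is reported with a different serial, the store holds an older copy of the certificate and the entry must be replaced. A "trusted" PKIX verdict here but a handshake failure in the server means the server is not reading the store you think it is, which the JSSE trace from -Djavax.net.debug=all will show.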