HTTP job results in HTTP transport error: javax.net.ssl.SSLHandshakeException

Document ID : KB000019745
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When running HTTP job, the job fails with "HTTP transport error: javax.net.ssl.SSLHandshakeException
: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target "
The error indicates that the agent is missing the proper SSL certificate in the keystore.

Solution:

Users can import their own SSL certificate to run HTTP jobs. To run the HTTP job using Application Services agent, the user must import the SSL certificate in the proper keystore. The default keystore for the agent is located in the <agent_install_directory>/jre/lib/security. The keystore file is called cacerts. The following commands will allow the user to import their own certificate.


 	cd <agent_install_directory>/jre/bin     
  	./keytool -import -file /tmp/customer.cer -keystore <agent_install_directory>/jre/lib/security/cacerts 
  	Enter keystore password: 
  	Re-enter new password:

The initial password for keystore is 'changeit'. Enter it twice as shown in the above example. The password can be changed using the following command:


 	keytool -storepasswd -keystore <agent_install_directory>/jre/lib/security/cacerts     
 	Enter keystore password: <enter old or current password> 
 	New keystore password: 
 	Re-enter new keystore password: