Issue on LDAP via SSL: Getting "unable to find valid certification path to requested target" error.

Document ID : KB000039403
Last Modified Date : 14/02/2018

 Symptom:

 EM authentication is enabled and the realms.xml file is set up as documented to use LDAP via SSL. However, when a user tries to log in to the Workstation, a dialog window titled "Enterprise Manager Login Error" pops up showing "Error authenticating user <username>...[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target."

 

 Environment:

 CA APM 10.1: Fresh new install. No EEM.

 

 Cause:

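 The certificate has not been imported (registered) into the keystore in the Java directory, so the JRE that the Enterprise Manager runs on cannot build a trust path to the certificate presented by the LDAP server.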

 

 Resolution:

  For Linux/Unix, run:

  keytool -import -noprompt -trustcacerts -alias PHI-CA2 -file "/opt/wily/<filename>.cer" -keystore "/opt/wily/test/EM/Introscope10.1.0.15/jre/lib/security/cacerts" -storepass changeit

  Or for Windows: go to Start > Run > certmgr.msc > Trusted Root Certification Authorities > Certificates > <filename>.cer and register the certificate in the keystore.
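
  Because -noprompt skips keytool's fingerprint confirmation, it is worth checking the result of the import. The script below is an added example, not part of the original article: it confirms that the alias is stored in cacerts as a trusted certificate entry with the fingerprint you expect for your CA. The script name check.sh, the sample listing and the fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): verify the result of the keytool import.
# Real use: keytool -list -keystore <cacerts path> -storepass changeit \
#             | sh check.sh PHI-CA2 <expected fingerprint>
# Assumes keytool's two-line layout: "alias, date, type," then "Certificate fingerprint (...): ..".

# Strip colons and whitespace and upper-case, so formatting differences do not matter.
norm_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'; }

# Print the fingerprint stored under alias $2 in listing $1, only for a trusted cert entry.
alias_fingerprint() {
  printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    BEGIN { FS = ", *" }
    hit && /fingerprint/ { sub(/^.*\): */, ""); print; exit }
    { hit = (tolower($1) == want && $0 ~ /trustedCertEntry/) }'
}

# Succeed only when alias $2 is a trusted entry in listing $1 with fingerprint $3.
is_trusted() {
  got=$(alias_fingerprint "$1" "$2")
  [ -n "$got" ] && [ "$(norm_fp "$got")" = "$(norm_fp "$3")" ]
}

# Constructed sample values (not real output); keytool shows JKS aliases in lower case.
SAMPLE_FP='00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
OTHER_FP='FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'
SAMPLE_LISTING="Your keystore contains 2 entries

phi-ca2, Feb 14, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): $SAMPLE_FP
em-server, Feb 14, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA-256): $OTHER_FP"

# With two arguments, check real keytool output from stdin; otherwise use the sample.
if [ "$#" -eq 2 ]; then listing=$(cat); name=$1; fp=$2
else listing=$SAMPLE_LISTING; name=PHI-CA2; fp=$SAMPLE_FP; fi

if is_trusted "$listing" "$name" "$fp"; then
  echo "OK: $name is a trusted entry with the expected fingerprint"
else
  echo "FAIL: $name is missing, is not a trusted entry, or has a different fingerprint"
  exit 1
fi
```

  Take the expected fingerprint from the CA administrator or from "keytool -printcert -file <filename>.cer", using the same hash algorithm that the listing reports.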

 

 Additional Information:

  https://docops.ca.com/ca-apm/10-1/en/administrating/apm-security/securing-introscope/securing-introscope-using-ldap