javax.net.ssl.SSLHandshakeException PKIX path building failed

Document ID : KB000107767
Last Modified Date : 24/07/2018
Show Technical Document Details
Issue:
While running actions that execute against https urls I get: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Environment:
CA Release Automation Agent v5.x and 6.x
Cause:
The CA Release Automation Agent will generate the error message (also seen in the nolio_all.log) when it tries to access an https site that it does not have a certificate for (needed to establish a proper SSL handshake). 
Resolution:
  1. Download the certificate from the site in question.
  2. If necessary, convert the certificate obtained in step #1 into an x509 format that can be imported into a java keystore (see additional info section below).
  3. Import the certificate into the agents java keystore. You can do this by opening a command prompt on the artifact retrieval agent machine and:
    1. cd <NolioAgentInstallationFolder>
    2. jre/bin/keytool -importcert -file <fileFromStep2> -keystore jre/lib/security/cacerts -alias <aliasNameOfYourChoosing>
  4. Restart the agent service.
Additional Information:

Regarding Step 2 (in the resolution section), please note the following keytool guidelines for importing certificates:

https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcer