Push notification is not working

Document ID : KB000092349
Last Modified Date : 19/04/2018
Show Technical Document Details
Introduction:
Google FCM certificate has a validity of one year and any solution using Google FCM service for Push notification has to replace the certificate before it gets expired.
Question:
Device registration is happening successfully but during authentication , push notification is not getting on the device

Below are the logs: 2018-04-19 12:40:11,931 [http-nio-8080-exec-6] INFO pns.fcm.SSLUtils(53) -> connection got successful 2018-04-19 12:40:11,971 [http-nio-8080-exec-6] ERROR aa.pns.PushNotificationService(90) -> Failed to notify device. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) at com.ca.sec.aa.pns.fcm.FCMPushService.sendNotification(FCMPushService.java:67) at com.ca.sec.aa.pns.fcm.FCMPushService.sendNotification(FCMPushService.java:294) at com.arcot.integrations.frontend.tasks.NotifierTask.executeTask(NotifierTask.java:151) at com.arcot.integrations.frontend.tasks.TaskEngine.invoke(TaskEngine.java:78) at com.arcot.integrations.frontend.tasks.TaskEngine.invoke(TaskEngine.java:39) at com.arcot.integrations.frontend.authmodules.impl.PUSHAuthSrvcIntegratorImpl.authenticate(PUSHAuthSrvcIntegratorImpl.java:255) at com.arcot.integrations.frontend.authmodules.helpers.controller.AuthenticationFlowManagerEngine.executeSecondaryAuthenticationFlow(AuthenticationFlowManagerEngine.java:186) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ... 51 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ... 57 more 2018-04-19 12:40:11,972 [http-nio-8080-exec-6] INFO aa.pns.PushNotificationService(302) -> error msg is : {"device":"dVEmfUoBNmc:APA91bFyNSAVcufOr1CQGi_skh0gVETLHivR6tFMbMIPO0by1_hJxgLD0dy0zwttbvcRw_fH2bKoDhkFVlVbpG9GhJldrUX5wBvurlx4hL5INqZkUvwjpkgzTdSGbCnC2f61H-NZz-P1","Exception":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
Environment:
All
Answer:
Google FCM certificate has a validity of one year and any solution using Google FCM service for Push notification has to replace the certificate before it gets expired. I am attaching a document which talks about the solution, please review the document for the solution and there is a modified truststore as well which is attached here.
File Attachments:
Documents.zip