Client application sending a request to the VSM and receiving the exception PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Document ID : KB000094924
Last Modified Date : 16/10/2018
Issue:
After enabling 'Use SSL to Client' in the VSM, Listener step, I am able to send a request from DevTest Workstation and receive a valid response.
However, when sending a request from a different client application I receive the following exception:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Environment:
All Supported DevTest Releases.
Cause:
When Java connects to another application over SSL, the connection succeeds only if Java can trust that application.
Java handles trust through a truststore, typically $JAVA_HOME/lib/security/cacerts, which contains a list of all known Certificate Authority (CA) certificates. Java trusts certificates that are signed or issued by one of the CAs in this truststore.

In this case, the client application's truststore did not include the issuer of the keypair in the keystore used with the VSM.
Resolution:
Export the certificate for the keypair used in the VSM and import this certificate to the client application truststore.
The client application needs to be restarted after this modification.
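The export and import steps above, done with keytool, as an added example that is not part of the original article. Keystore paths, aliases, passwords and the function names are placeholders supplied by the caller (assumptions); the fingerprint is printed so it can be compared with the one shown for the VSM keystore.

```shell
#!/usr/bin/env bash
# Added example, not CA/DevTest code. Paths, aliases and passwords passed to
# these functions are placeholders chosen by the caller (assumptions).
# Note: -storepass on the command line is visible in the process list; omit it
# when working interactively and keytool will prompt instead.

# Export only the public certificate for <alias> (PEM); the private key stays put.
export_cert() {          # export_cert <keystore> <storepass> <alias> <out.pem>
  keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# Print the SHA-256 fingerprint of a certificate file.
cert_fingerprint() {     # cert_fingerprint <cert.pem>
  keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Import the certificate into the truststore as a trusted entry.
import_trusted_cert() {  # import_trusted_cert <truststore> <storepass> <alias> <cert.pem>
  keytool -importcert -noprompt -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# Succeed only if the truststore contains a certificate with this fingerprint.
truststore_has() {       # truststore_has <truststore> <storepass> <fingerprint>
  keytool -list -v -keystore "$1" -storepass "$2" | grep -qF "$3"
}

# Full procedure: export, show fingerprint, import, confirm the entry is present.
# The truststore must be the one the client JVM actually reads (cacerts, or the
# file named by the javax.net.ssl.trustStore system property).
trust_vsm_cert() {       # trust_vsm_cert <vsm-keystore> <vsm-pass> <vsm-alias> <truststore> <trust-pass>
  local pem fp rc
  pem=$(mktemp) || return 1
  export_cert "$1" "$2" "$3" "$pem" || { rm -f "$pem"; return 1; }
  fp=$(cert_fingerprint "$pem")
  [ -n "$fp" ] || { rm -f "$pem"; return 1; }
  echo "Importing certificate with SHA-256 fingerprint: $fp"
  import_trusted_cert "$4" "$5" "vsm-$3" "$pem" && truststore_has "$4" "$5" "$fp"
  rc=$?
  rm -f "$pem"
  return $rc
}
```

Restart the client application after the import so the JVM reloads the truststore.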
Additional Information:
To manipulate a Java Keystore you can use keytool, https://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html, or Portecle, a user-friendly GUI application for creating, managing and examining keystores - http://portecle.sourceforge.net/.

For more information regarding DevTest and SSL, please see the following link: https://communities.ca.com/docs/DOC-231172116-of-ssl-java-and-devtest

For more information regarding the HTTP/S Listener step and its options, please see our documentation at the link below:
https://docops.ca.com/devtest-solutions/10-3/en/using/using-ca-service-virtualization/using-devtest-workstation-with-ca-service-virtualization/editing-a-vsm/virtual-http-s-listener-step