Krishna Rai (KrishnaR2370)
Citigroup Inc
Technology Project Manager
Posted: February 12, 2018
Last activity: May 7, 2018
Closed
Solved

Certificate invalid path error

Problem Summary –

  • As part of CICD implementation using prpcserviceutils command line tool, we are not able to establish operator connectivity using secure http.

For example, we have used a serviceConnection.properties file with contents like below –

  • cat serviceConnection.properties

DefaultSystem1.pega.rest.server.url=https://hostname:port/prweb/PRRestService
(Must use secure HTTP URL for UAT and PROD env)

  1. The error which we receive while performing product export –
  • Using command - sh prpcServiceUtils.sh export --connPropFile serviceConnection.properties
  • With the above command the build fails with the error –

[java] java.security.cert.CertPathValidatorException: The certificate issued by CN=Citi Root CA G2 UAT, O=Citigroup Inc., C=US is not trusted; internal cause is: [java] java.security.cert.CertPathValidatorException: Certificate chaining error

[java] Error Messages : REQUEST_EXECUTION_ERROR com.pega.pegarules.serviceclient.exception.PRPCServiceException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Steps to reproduce the error –

  • Very much possible – the CICD setup is available on DEV servers and problem can be reproduced when required

Troubleshooting steps performed so far –

  • Ordered JKS certificate and imported on server successfully. No issues here
  • Added following JVMs at WebSphere application server to establish imported JKS connectivity with Pega application and UI (https URL)
  • -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.keyStore=/CPR/app2app/cert/keystore.jks -Djavax.net.ssl.keyStorePassword=xxxxx -Djavax.net.ssl.trustStore=/CPR/app2app/cert/truststore.jks -Djavax.net.ssl.trustStorePassword=xxxxx
  • After updating the above JVMs we have restarted the application instance on the WebSphere server. During node startup we get the following error –

Present status -

  • CICD pipeline works well with http; however, it is failing with certificate errors for HTTPS operator connectivity as highlighted above.

Also, the Pega SR – C10592 has been updated with details and awaiting a response.

DevOps Support Case Exists
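
A triage sketch for the error quoted in the post, added here as an example and not part of the original post or of Pega's tooling: it pulls the untrusted issuer DN out of the build log and checks whether any entry in a `keytool -list -v` listing has that DN as its Owner. The function names and the truststore listing are constructed for illustration; the listing to check is the one for the truststore used by the JVM that raised the exception.

```shell
#!/bin/sh
# Added example: triage a "certificate ... is not trusted" failure.

# Error line as shown in the post.
BUILD_LOG='[java] java.security.cert.CertPathValidatorException: The certificate issued by CN=Citi Root CA G2 UAT, O=Citigroup Inc., C=US is not trusted; internal cause is: [java] java.security.cert.CertPathValidatorException: Certificate chaining error'

# Constructed sample of `keytool -list -v` output for a truststore that
# holds only an unrelated CA (alias and DN are made up).
KEYTOOL_LISTING='Alias name: example-ca
Entry type: trustedCertEntry
Owner: CN=Example Internal CA, O=Example Corp, C=US
Issuer: CN=Example Internal CA, O=Example Corp, C=US'

# Print the DN that the JVM reported as untrusted (empty if none found).
untrusted_issuer() {
    printf '%s\n' "$1" |
        sed -n 's/.*The certificate issued by \(.*\) is not trusted.*/\1/p' |
        head -n 1
}

# Read a `keytool -list -v` listing on stdin; succeed if some entry's
# Owner line is exactly the DN in $1 (plain string comparison).
truststore_has_owner() {
    grep -F -x -q -- "Owner: $1"
}

# Report whether the untrusted issuer from log $1 appears in listing $2.
# Returns 0 if present, 1 if missing, 2 if the log has no such message.
diagnose() {
    dn=$(untrusted_issuer "$1")
    [ -n "$dn" ] || { echo "no untrusted-issuer message found"; return 2; }
    if printf '%s\n' "$2" | truststore_has_owner "$dn"; then
        echo "present: $dn"
    else
        echo "missing: $dn"
        return 1
    fi
}

# Against a real store, feed keytool output in place of the sample:
#   keytool -list -v -keystore <truststore.jks> | truststore_has_owner "$dn"
diagnose "$BUILD_LOG" "$KEYTOOL_LISTING" || true
```

A "missing" result means the store that was listed has no entry for the issuing CA named in the exception.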