This article provides guidance and troubleshooting tips for addressing SSL issues in the Smart ID Digital Access component.
Problem
The error you are encountering, SunCertPathBuilderException: unable to find valid certification path to requested target, typically occurs when Java is unable to establish a secure connection because it cannot find a valid certification path to the SSL certificate presented by the target server. This usually happens for one of the following reasons:
The root CA certificate has not been included as a trusted CA certificate in Digital Access.
The intermediate CA certificates are not being presented by the remote server.
The root CA certificate has been cross-signed by another CA.
Action
To address this issue, you can try the following steps:
You can add the root CA certificate to the trusted CA certificates list in Digital Access.
You can ensure that the intermediate CA certificates are properly configured and presented by the remote server. If the intermediate CA certificates are missing, they should be obtained from the Certificate Authority and properly installed on the server.
You can confirm that both cross-signed certificates are included in the trust store of the systems where verification is required.
Troubleshoot using OpenSSL
Ensure that the trust store contains the root CA, intermediate and public server certificates for the SSL handshake to succeed. You may need to obtain the certificate chain from the server administrator and import it into the trust store.
Fetching certificates using OpenSSL
Ensure you have the ‘OpenSSL’ utility on your system. Type this command (replace x with the appropriate IP address):
openssl s_client -connect 192.168.x.xxx:443 -showcerts
Copy the public certificate and its chain. Create a .cer file out of it and add it into the Digital Access’s trust store.
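To see which of the reasons listed under Problem applies, the s:/i: (subject/issuer) lines in the -showcerts output can be checked for where the presented chain stops. The script below is an added example, not part of Digital Access or of the original article; the function name chain_report, the result labels and the sample host and CA names are constructed for illustration.

```shell
# Reads `openssl s_client -showcerts` output on stdin and reports where the
# chain presented by the server stops. Result names are this example's own.
chain_report() {
  awk '
    $0 == "Certificate chain" { inchain = 1; next }
    inchain && $0 == "---"    { inchain = 0 }   # end of the chain section
    inchain && /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
    inchain && /^ +i:/        { sub(/^ +i:/, ""); iss[n] = $0; next }
    END {
      if (n == 0) { print "NO_CHAIN"; exit }
      # Every certificate must be followed by the certificate of its issuer.
      for (k = 1; k < n; k++)
        if (iss[k] != subj[k + 1]) { printf "GAP_AFTER %d MISSING %s\n", k - 1, iss[k]; exit }
      if (iss[n] == subj[n]) print "ROOT_PRESENTED " subj[n]
      else                   print "NOT_PRESENTED " iss[n]
    }'
}

# Constructed sample (not captured from a real server): only the leaf is sent.
LEAF_ONLY=$(cat <<'EOF'
---
Certificate chain
 0 s:CN = portal.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
Server certificate
EOF
)

# Constructed sample: leaf plus intermediate, root left to the client.
WITH_INTERMEDIATE=$(cat <<'EOF'
---
Certificate chain
 0 s:CN = portal.example.test
   i:CN = Example Issuing CA
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
---
EOF
)

printf '%s\n' "$LEAF_ONLY" | chain_report          # NOT_PRESENTED CN = Example Issuing CA
printf '%s\n' "$WITH_INTERMEDIATE" | chain_report  # NOT_PRESENTED CN = Example Root CA
# Live use: openssl s_client -connect 192.168.x.xxx:443 -showcerts </dev/null | chain_report
```

NOT_PRESENTED names the CA whose certificate the server did not send: if that CA is an intermediate, the remote server is not presenting its intermediate certificates; if it is the root, it is the certificate that must be in the trusted CA certificates list in Digital Access.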
Additional checks
Check Network Configuration
Sometimes, SSL errors can be caused by network issues such as proxy misconfigurations or firewall restrictions. Make sure your network configuration allows connections to the target server.
Review Logs
Look at the application logs for more specific information about the SSL error. They might provide additional clues about what's causing the issue.