Symantec Access Management

 View Only
Expand all | Collapse all

Custom Auth Scheme remote request needs Certificate chain

  • 1.  Custom Auth Scheme remote request needs Certificate chain

    Posted Jun 15, 2018 01:10 PM

    I wrote a Custom authentication scheme in siteminder and am making a POST request to verify an additional attribute on a form.  When I make the request to an external server I am getting a certificate error (listed below).   I tried updating the certificate on the Policy Server UI but that didn't work.  

     

    Does anyone know where else to update the certificate to get rid of the following error message?

     

    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

     

    Thanks!

    P



  • 2.  Re: Custom Auth Scheme remote request needs Certificate chain

    Broadcom Employee
    Posted Jun 18, 2018 03:02 AM

    Hi Paul,

     

    The error :

     

    sun.security.validator.ValidatorException: PKIX path building failed:

    sun.security.provider.certpath.SunCertPathBuilderException: unable to
    find valid certification path to requested target

    is triggered by handling the certificate from your backend store for ssl.

     

    As I understand, the Custom Authentication scheme open the ssl
    connection to the backend server.

     

    Where have you set the backend server ? In the AdminUI or in the
    cert8.db file of the Policy Server installation ?

     

    Does the Policy Server JDK installation is configured with JCE patches ?

     

    Best Regards,

    Patrick