Remedy AR System Server- Error using SSL: "...PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Knowledge Article

Remedy AR System Server- Error using SSL: "...PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
"...PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Remedy AR System Server
AR System
Remedy AR System Server SSL Certificate - AR Server 9.1.03 or earlier

  • While to consuming the third party web service via a Remedy SetFields Webservice filter.  the following error is observed:

  • Getting a certificate error while calling a Webservice


.................................
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.................................
Message not in catalog; Message number = 9130: ; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (ARERR 9130)
.................................
User-added image
Not able to connect with the endpoint because the certificate is not installed in the ar server
This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

NOTE:   This article applies to AR Server 9.1.03 or earlier.  

We need to make sure the certificate is being used by the ar server

Step 1:
Identify the JRE path in being used for ARS. This can be checked in the armonitor.cfg/armonitor.conf

Step 2:
Execute the below command :
keytool –import –v –alias {new alias for the certificate} -file {full path to the certificate} –keystore {Path from the JRE being used by ARS \lib\security\cacerts}


If you are having problems loading the wsdl in dev studio, you may need to add a parameter in Dev Studio
> Open {DevStudioInstallPath}\devstudio.ini and add:
-Djavax.net.ssl.trustStore={Path from the JRE being used by the ARS\lib\security\cacerts}


To actually test if the current certificate works as expected please check the utility from this article:
Remedy - Server/Web - Checking SSL connection out of remedy using SSL Poke utility
Remedy AR System Server
AR System
Remedy AR System Server SSL Certificate - AR Server 9.1.03 or earlier
Remedy AR System Server
AR System
Remedy AR System Server SSL Certificate - AR Server 9.1.03 or earlier
Attachment(s):