CACert update: Could not obtain server certificate chain

I built a solution to work with – a few months later, now ready to implement, I cannot use cfhttp to call the endpoint:

The error I’m getting:

Unknown host: PKIX path building failed: unable to find valid certification path to requested target

Entrust is the CA - so I downloaded Entrust Root Certificate Authority—EC1:

I updated /cacerts

keytool -import -alias entrustec1ca -keystore /path/cacerts -file /downloadpath/entrust_ec1_ca.cer

This caused the existing CA to be replaced. I confirmed that the cert had been updated:
keytool -list -v -keystore /path/cacerts > /downloadpath/java_cacerts.txt

This makes absolutely no difference; Lucee still complains with the same error.

Hoping someone can help - I’m at a loss to understand why this isn’t working…


Ok, of course - developer issues!

In Lucee Admin - the SSL Certificates – the mistake I was making, when checking to see if the CA existed, I was using the full endpoint:

This always fails… Instead, using just the root url:
Lucee lists the certs properly and I can then install the certs from this page.

Note that I also had to install the certs from:

UPDATE: This addresses the issue without having to download any certs via the admin:

Lucee rocks.

1 Like
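An added example, not part of the original posts: a check over the text dump that `keytool -list -v` produced in the first post, confirming that the imported alias is a trusted certificate entry and that its SHA-256 fingerprint matches the value the CA publishes. The sample dump, the `appkey` alias and both fingerprints are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed placeholder fingerprints; real values come from the CA's published list.
GOOD_FP = ":".join(["AB"] * 32)
OTHER_FP = ":".join(["CD"] * 32)

# Constructed sample in the layout `keytool -list -v` writes (trimmed to the parsed fields).
SAMPLE_DUMP = f"""\
Your keystore contains 2 entries

Alias name: entrustec1ca
Creation date: Jan 1, 2024
Entry type: trustedCertEntry

Owner: CN=Constructed Example Root
Issuer: CN=Constructed Example Root
Certificate fingerprints:
\t SHA256: {GOOD_FP}

Alias name: appkey
Entry type: PrivateKeyEntry
Certificate fingerprints:
\t SHA256: {OTHER_FP}
"""

def parse_entries(dump):
    """Map each alias in a keytool dump to its entry type and SHA-256 fingerprint."""
    entries, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if m := re.match(r"Alias name:\s*(.+)", line):
            current = entries.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := re.match(r"Entry type:\s*(\S+)", line)):
            current["type"] = m.group(1)
        elif current is not None and (m := re.match(r"SHA-?256:\s*([0-9A-Fa-f:]+)", line)):
            current["sha256"] = m.group(1).replace(":", "").upper()
    return entries

def check_alias(dump, alias, expected_sha256):
    """Return 'ok' only if alias is a trusted cert whose fingerprint matches."""
    entry = parse_entries(dump).get(alias.lower())  # alias compared case-insensitively
    if entry is None:
        return "missing"
    if entry.get("type") != "trustedCertEntry":
        return "not-a-trust-anchor"
    if entry.get("sha256") != expected_sha256.replace(":", "").upper():
        return "fingerprint-mismatch"
    return "ok"

if __name__ == "__main__":
    print(check_alias(SAMPLE_DUMP, "entrustec1ca", GOOD_FP))
```

Run it against the real dump file by reading that file into a string and passing the fingerprint taken from the CA's own site rather than from the downloaded certificate.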

Thanks for posting your solution here and sharing with others that might have a similar issue. Have a good day!

1 Like

FYI. I redid AuthNetTools from to work with the new API. I used some of his code, so he still owns it. If you have a license you can contact them about maybe using it. I am trying to see if he wants to release to public domain since he wanted to get out of the business. Haven’t heard anything definitive yet.

I’ve actually completed our integration but well done - the more for the community the better I say.