CACert update: Could not obtain server certificate chain

extrao · November 2, 2019, 2:33am

I built solution to work with authorize.net – few months later, now ready to implement, I cannot use cfhttp to call the endpoint: apitest.authorize.net/xml/v1/request.api

The error I’m getting:

Unknown host: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Entrust is the CA - so I downloaded Entrust Root Certificate Authority—EC1:
https://www.entrustdatacard.com/pages/root-certificates-download

I updated /cacerts

keytool -import -alias entrustec1ca -keystore /path/cacerts -file /downloadpath/entrust_ec1_ca.cer

This caused the existing CA to be replaced. I confirmed that the cert had been updated:
keytool -list -v -keystore /path/cacerts > /downloadpath/java_cacerts.txt

This makes absolutely no differnce Lucee still complains with the same error.

Hoping someone can help - I’m at a loss to understand why this isn’t working…

Lucee 4.5.5.006

extrao · November 2, 2019, 3:17am

Ok, of course - developer issues!

In Lucee Admin - the SSL Certificates – the mistake I was making, when checking to see if the CA existed, I was using the full endpoint: apitest.authorize.net/xml/v1/request.api

This always fails… Instead, using just the root url: apitest.authorize.net
Lucee lists the certs properly and I can then install the certs from this page.

Note that I also had to install the certs from: accesstest.authorize.net

UPDATE: This addresses the issue without having to download any certs via the admin:

Lucee rocks.

andreas · November 2, 2019, 8:27am

Thanks for posting your solution here and sharing with others that might have a similiar issue. Have a good day!

kabutotx · November 2, 2019, 6:02pm

FYI. I redid AuthNetTools from cf-ezcart.com to work with the new Authorize.net API. I used some of his code, so he still owns it. If you have a license you can contact them about maybe using it. I am trying to see if he wants to release to public domain since he wanted to get out of the business. Haven’t heard anything definitive yet.

extrao · November 2, 2019, 6:26pm

I’ve actually completed our integration but well done - the more for the community the better I say.