CACert update: Could not obtain server certificate chain

I built solution to work with authorize.net – few months later, now ready to implement, I cannot use cfhttp to call the endpoint: apitest.authorize.net/xml/v1/request.api

The error I’m getting:

Unknown host: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Entrust is the CA - so I downloaded Entrust Root Certificate Authority—EC1:
https://www.entrustdatacard.com/pages/root-certificates-download

I updated /cacerts

keytool -import -alias entrustec1ca -keystore /path/cacerts -file /downloadpath/entrust_ec1_ca.cer

This caused the existing CA to be replaced. I confirmed that the cert had been updated:
keytool -list -v -keystore /path/cacerts > /downloadpath/java_cacerts.txt

This makes absolutely no differnce Lucee still complains with the same error.

Hoping someone can help - I’m at a loss to understand why this isn’t working…

Lucee 4.5.5.006

Ok, of course - developer issues!

In Lucee Admin - the SSL Certificates – the mistake I was making, when checking to see if the CA existed, I was using the full endpoint: apitest.authorize.net/xml/v1/request.api

This always fails… Instead, using just the root url: apitest.authorize.net
Lucee lists the certs properly and I can then install the certs from this page.

Note that I also had to install the certs from: accesstest.authorize.net

Lucee rocks.

1 Like

Thanks for posting your solution here and sharing with others that might have a similiar issue. Have a good day!

1 Like

FYI. I redid AuthNetTools from cf-ezcart.com to work with the new Authorize.net API. I used some of his code, so he still owns it. If you have a license you can contact them about maybe using it. I am trying to see if he wants to release to public domain since he wanted to get out of the business. Haven’t heard anything definitive yet.

I’ve actually completed our integration but well done - the more for the community the better I say.