Lucee SSL / PKIX path building failed


#1

Hello everybody,
I would like to use a Java Client (Internet Payment Gateway) from TeleCash / First Data with Lucee 5.2.9.31.
The use of the Java Classes by creating CF objects in Lucee is working well.

In addition to various certificates, the client requires the use of a special truststore, which is delivered with the client.

If I try to connect to the TeleCash web service, I get the error:
Lucee 5.2.9.31 Error (javax.net.ssl.SSLHandshakeException)
Message
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Therefore, I suspect that Lucee wants to access the truststore to validate the certificates, which does not work because it is not known to Lucee.

After unsuccessfully trying to bind the truststore.jks file with -Djavax.net.ssl.trustStore / -Djavax.net.ssl.trustStorePassword to the JVM, I found that Lucee uses its own truststore, which is located in the file lucee-server/context/security/cacerts.

When I try to add the TeleCash truststore.jks with
sudo keytool -import -trustcacerts -file truststore.jks -alias TeleCash -keystore cacerts
I get the error message: Keytool error: java.lang.Exception: Input no X.509 certificate

That’s ok because there are no X.509 certificates in the truststore.jks file.

My question:
How can I bind the TeleCash truststore.jks to Lucee so I can use the TeleCash Java Client with Lucee?

Many thanks!
Rolf
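
The following is an added example, not part of the original post or of the TeleCash client: `keytool -import -file` reads a single certificate file, while a `.jks` file is a keystore container, so its entries are merged into another store with `keytool -importkeystore`. The password `changeit`, the JKS store type and the demo aliases and files are assumptions or constructed values; for the case in the post the destination would be the `lucee-server/context/security/cacerts` file named above.

```bash
#!/usr/bin/env bash
# Added example. Assumptions, not from the post: every store is JKS and uses the
# password "changeit"; the aliases and files in make_demo_stores are constructed.

# merge_truststore SRC SRC_PASS DEST DEST_PASS
# Backs up DEST, then copies every entry of SRC into it. A keystore file is a
# container, so it is merged with -importkeystore rather than read via -file.
merge_truststore() {
  cp -p "$3" "$3.bak" || return 1
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstorepass "$2" \
    -destkeystore "$3" -deststorepass "$4" >/dev/null 2>&1
}

# list_aliases STORE PASS: one alias per line (English output forced for parsing).
list_aliases() {
  keytool -J-Duser.language=en -list -rfc -keystore "$1" -storepass "$2" 2>/dev/null |
    sed -n 's/^Alias name: //p'
}

# make_demo_stores DIR: builds DIR/truststore.jks and DIR/cacerts, each holding one
# throwaway self-signed certificate, so the merge can be tried without real files.
make_demo_stores() {
  for pair in gateway-demo-ca:truststore.jks existing-demo-ca:cacerts; do
    name=${pair%%:*} store=${pair##*:}
    keytool -genkeypair -alias "$name" -keyalg RSA -keysize 2048 -validity 30 \
      -dname "CN=$name" -keystore "$1/$name.p12" -storetype PKCS12 \
      -storepass changeit -keypass changeit >/dev/null 2>&1 || return 1
    keytool -exportcert -alias "$name" -keystore "$1/$name.p12" \
      -storepass changeit -file "$1/$name.crt" >/dev/null 2>&1 || return 1
    keytool -importcert -noprompt -alias "$name" -file "$1/$name.crt" \
      -keystore "$1/$store" -storetype JKS -storepass changeit >/dev/null 2>&1 || return 1
  done
}

# Try it on the constructed stores:
#   d=$(mktemp -d) && make_demo_stores "$d"
#   merge_truststore "$d/truststore.jks" changeit "$d/cacerts" changeit
#   list_aliases "$d/cacerts" changeit
```

Comparing `list_aliases` output before and after the merge shows exactly which trust anchors were added, and the `.bak` copy allows the change to be rolled back.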