SSL Cert Issue (cert storage)

Hey guys. We are getting the following error:

Unknown host: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We have come across this in the past and can fix it using “sslCertificateInstall()”, but we wanted to know where cert info / trusted store is stored. Is it within Lucee, Java or Tomcat? We have updated Java and Lucee and still are getting the error.

Also, when we are on the topic, does sslCertificateInstall() create a new record or replace the previous record. Guess what I’m asking is can we use it over and over without being an issue.

Thanks in advance.

OS: Linux (amzn1.x86) 64bit
Java Version: 1.8.0_292
Tomcat Version: 8.5.23
Lucee Version: 5.3.8.189

in 5.3 it’s under C:\lucee\tomcat\lucee-server\context\security\cacerts

in 6.0 Lucee will default to using the jvm bundled cacerts

Thank you very much sir! Does sslCertificateInstall() write a new record or replace the previous record? Also, is there a way to list / check cacerts for a domain?

I like to point this out when I see the PKIX path building failed error that importing the cert is not always the best solution. I wrote up details here: How to Resolve Java HTTPS Exceptions if the server you are trying to connect to is not using a self signed cert, then the problem is probably that the server is missing the intermediate cert. You can do a quick test here: https://whatsmychaincert.com/ It is a very common configuration issue.

1 Like