OPSS - Getting JPS-00027: There was an internal error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (Doc ID 2224897.1)

Last updated on JANUARY 26, 2017

Applies to:

Oracle Platform Security for Java - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

ALL database connections SSL and PKI enabled due use case requirement.

Using SSL with the DB connection in the jps-config.xml using the following

For "normal" connections, like a data sources inside the WebLogic server, the double quotes work just fine.

However, for the jps-config.xml file, which is an XML file type, you cannot put double quotes inside double quotes when value="..." without somehow escaping the double quotes in the middle.

<property name="jdbc.url" value="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=db.server.host)(PORT=2484))(CONNECT_DATA=(SID=dev))(SECURITY=(SSL_SERVER_CERT_DN='CN=db.server.host')))"/>

<property name="javax.net.ssl.keyStoreType" value="JKS"/>
<property name="javax.net.ssl.keyStore" value="/app/Oracle/Middleware/user_projects/domains/<your_domain>/certstore/keystore.jks"/>
<property name="javax.net.ssl.keyStorePassword" value="*****"/>
<property name="javax.net.ssl.trustStoreType" value="JKS"/>
<property name="javax.net.ssl.trustStore" value="/app/Oracle/Middleware/user_projects/domains/<your_domain>//certstore/truststore.jks"/>
<property name="javax.net.ssl.trustStorePassword" value="*****"/>
<property name="EncryptionMethod" value="loginSSL"/>

However the jdbc.url value would normally contain a set of double quotes for this section.

SSL_SERVER_CERT_DN='CN=db.server.host' but it is sitting inside XML.

Changing to a single quotes,  as seen above in the <property> tag, because are inside the value property in XML.

Tried as well to change them to

& quot ;
and
<![CDATA["]]>

Neither of which it accepted.

How can I escape the required double quotes?

When starting the admin server with single quotes, getting the following error, and received similar errors for the & quot ; and <![CDATA["]]> methods as well.

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
[EL Severe]: 2016-03-07 11:02:20.992--ServerSession(1451531400)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLRecoverableException: IO Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error Code: 17002
Mar 07, 2016 11:02:21 AM oracle.security.jps.internal.common.config.AbstractSecurityStore getSecurityStoreVersion
WARNING: Unable to get the Version from Store returning the default. Reason: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
[EL Severe]: 2016-03-07 11:02:21.383--ServerSession(1439227871)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLRecoverableException: IO Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error Code: 17002
Mar 07, 2016 11:02:21 AM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!

 



Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms