Invoking Secured WebService From MFT CS Fails With Error - "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExceptiont"

(Doc ID 2389258.1)

Last updated on MAY 04, 2018

Applies to:

Oracle Managed File Transfer Cloud Service - Version 16.1.3 and later
Information in this document applies to any platform.

Symptoms

While calling secured webservice as target from MFT / MFT CS Instance, it fails and logs shows the below exception trace. 

ERROR
-----------------------
MFT-5401_MFT Service

MFTException [threadName=JCA-work-instance:JMSAdapter-1, errorID=5c6a7577-f87e-4120-8d14-e3d74e3ac6e6, errorDesc=MFT-5401_MFT Service could not deliver message to Web Service endpoint https://<hostname>/SilkRoadEnterpriseProject/Services/Proxy/Service_PS., cause=javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Stack trace:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:167)
at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3580)
at HTTPClient.HttpOutputStream.closeImpl(HttpOutputStream.java:461)
at HTTPClient.HttpOutputStream.access$000(HttpOutputStream.java:99)
at HTTPClient.HttpOutputStream$1.run(HttpOutputStream.java:417)
at HTTPClient.HttpClientConfiguration.doAction(HttpClientConfiguration.java:1083)
at HTTPClient.HttpOutputStream.close(HttpOutputStream.java:415)
at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.sendMessage(HttpSOAPConnection.java:1220)
at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.post2(HttpSOAPConnection.java:629)
... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 47 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 53 more



STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. call secured webservice (https) from MFT CS Target and note it fails with the reported error.
 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms