My Oracle Support Banner

Invoking Secured WebService From MFT CS Fails With Error - "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExceptiont" (Doc ID 2389258.1)

Last updated on MAY 04, 2018

Applies to:

Oracle Managed File Transfer Cloud Service - Version 16.1.3 and later
Information in this document applies to any platform.

Symptoms

While calling secured webservice as target from MFT / MFT CS Instance, it fails and logs shows the below exception trace. 

ERROR
-----------------------
MFT-5401_MFT Service

MFTException [threadName=JCA-work-instance:JMSAdapter-1, errorID=5c6a7577-f87e-4120-8d14-e3d74e3ac6e6, errorDesc=MFT-5401_MFT Service could not deliver message to Web Service endpoint https://<hostname>/SilkRoadEnterpriseProject/Services/Proxy/Service_PS., cause=javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Stack trace:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:167)
at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3580)
at HTTPClient.HttpOutputStream.closeImpl(HttpOutputStream.java:461)
at HTTPClient.HttpOutputStream.access$000(HttpOutputStream.java:99)
at HTTPClient.HttpOutputStream$1.run(HttpOutputStream.java:417)
at HTTPClient.HttpClientConfiguration.doAction(HttpClientConfiguration.java:1083)
at HTTPClient.HttpOutputStream.close(HttpOutputStream.java:415)
at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.sendMessage(HttpSOAPConnection.java:1220)
at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.post2(HttpSOAPConnection.java:629)
... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 47 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 53 more



STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. call secured webservice (https) from MFT CS Target and note it fails with the reported error.
 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.