MySQL Enterprise Monitor (MEM) LDAP failure with "PKIX path building failed" SSL Error (Doc ID 1438513.1)

Last updated on JULY 03, 2016

Applies to:

MySQL Enterprise Monitor - Version 2.3 and later
Information in this document applies to any platform.
This will primarily affect MEM installations using SSL connections.


Symptoms


On : 2.3 version, External Dependency

When attempting to authenticate the MEM user accounts via Active Directory, the following error occurs.

ERROR
-----------------------
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 13 more


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Install MEM Service Manager and configure to use the SSL protocol for connections
2. Use proper certificates instead of the self-signed certificates that come with MEM
3. Don't install the CA certificates into Tomcat for use

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users cannot effectively run MEM Service Manager as the SSL protocol is failing.

Changes

One possible cause is that the default certificate authority is changed to an internal one within the organisation without updating details for MEM.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms