Siebel IP2017 Installing Signed Certificates into Application Container Keystore renders HTTPS URL Inaccessible

(Doc ID 2416946.1)

Last updated on JUNE 28, 2018

Applies to:

Siebel CRM - Version 17.0 [IP2017] and later
Information in this document applies to any platform.

Symptoms

On : 18.4 version, Security / Authentication

When attempting to access Siebel HTTPS URL after setting up signed certificates, URL does not come up and the following error occurs.

ERROR
-----------------------
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Create keystore using Doc ID: 2294567.1.
2. Procure the signed certificates from third party CA and import the certificate chain into the keystore.
3. Trust the certificate and verify the certificate installation using keytool utility.
4. Replace the siebel_keystore.jks under $AI_HOME/applicationcontainer/siebelcerts/siebel_keystore.jks with the imported signed certificate keystore.
5. Restart Tomcat Services.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users cannot proceed with the signed certificate and this was causing a setback.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms