Unable to connect to WebDAV Mirrored Folders over SSL using IBM JDK

  • 7007202
  • 12-Nov-2010
  • 27-Apr-2012

Environment


Novell Teaming 2.x
Novell Vibe OnPrem

Situation

When the WebDAV server that Teaming exposes through a mirrored folder has a valid CA certificate, SSL connections work without problems. A connection failure occurs when the following two conditions are true:
  1. The server has only a self-signed certificate.
  2. The Teaming server is set up with the IBM JDK.
The following error may be observed:
com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by O=CARTTLAB2, OU=Organizational CA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error

Note: The facility that accepts self-signed certificates works well when Teaming is running with the Sun JDK, regardless of OS platform.

Resolution

Perform these steps on the Teaming server:
  1. View the certificate by connecting over SSL (https) using a browser.
  2. Export the certificate as a .der file.
  3. Open the IBM Certificate Management utility iKeyman located at:
    <JDK_INSTALL_DIR>/jre/bin/ikeyman
  4. Using the File Open icon, open the system-wide keystore (cacerts file) on your system located at:
    <JDK_INSTALL_DIR>/jre/lib/security/cacerts
    (Key Database type: JKS)
  5. When you are prompted for a password, use 'changeit', which is the default password the JDK is shipped with. If the default password was changed, please use that password instead.
  6. From the dropdown under 'Key Database Content', select 'Signer Certificates'.
  7. Use the 'Add' button on the right to import the new certificate saved in step 2 above, and give it an appropriate alias.
  8. Close the system-wide keystore, which will automatically save the changes.
  9. Restart your Teaming service (as per instructions for your Server OS) for the changes to take effect.
  10. Perform a manual sync of the Mirrored Folder to verify that the above changes have fixed the connection problem.
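
A command-line counterpart to steps 3 through 8, added here as an example and not part of the original article: it checks the exported .der file against a SHA-256 fingerprint obtained out of band from the WebDAV server's administrator, backs up cacerts, and only then imports the certificate as a trusted signer. It assumes sha256sum is available and that the JDK's keytool is at <JDK_INSTALL_DIR>/jre/bin/keytool; the function names, alias and fingerprint argument are illustrative.

```shell
#!/bin/sh
# Added example: verify an exported .der certificate, then import it into cacerts.
# The JDK directory, alias and expected fingerprint are supplied by the caller.

# Print the SHA-256 fingerprint of a DER certificate as lowercase hex.
# A certificate fingerprint is the digest of its DER encoding.
der_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Normalise a fingerprint written as "AB:CD:..." or "AB CD ..." to lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 only if the file exists and its fingerprint equals the expected one.
fingerprint_matches() {
    [ -f "$1" ] || return 2
    [ "$(der_fingerprint "$1")" = "$(normalize_fp "$2")" ]
}

# Import the certificate as a trusted signer after the fingerprint check.
# keytool prompts for the keystore password, so it never appears in argv.
import_signer() {
    jdk_dir=$1; der_file=$2; alias_name=$3; expected_fp=$4
    store="$jdk_dir/jre/lib/security/cacerts"
    if ! fingerprint_matches "$der_file" "$expected_fp"; then
        echo "fingerprint mismatch or missing file: not importing $der_file" >&2
        return 1
    fi
    cp -p "$store" "$store.bak" || return 1   # keep a copy to roll back to
    "$jdk_dir/jre/bin/keytool" -import -trustcacerts \
        -alias "$alias_name" -file "$der_file" -keystore "$store"
}

# Usage: script <JDK_INSTALL_DIR> <cert.der> <alias> <sha256-fingerprint>
if [ "$#" -eq 4 ]; then
    import_signer "$@"
fi
```

The certificate becomes trusted by every Java application that uses this JDK's cacerts file, so the fingerprint check is worth doing before the import rather than after. Steps 9 and 10 (restart and manual sync) still apply.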