Untrusted Certificate-chain reported when sending artifact to 3rd party IDP

  • 7009461
  • 30-Sep-2011
  • 17-Feb-2015


Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3
Novell Access Manager 3.1 Access Administration


Customer had set up a SAML relationship to a 3rd party IDP.
When sending the artifact to the defined ArtifactResolutionService endpoint, an error was reported.

The catalina.out showed the following:
<amLogEntry> 2011-02-31T09:34:50Z VERBOSE NIDS Application: Attempting to connect to URL: https://test1.example1.com/opensso/ArtifactResolver/metaAlias/nl/idp via POST </amLogEntry>

<amLogEntry> 2011-02-31T09:34:50Z DEBUG NIDS Application:
Method: URLUtil.connectToURL
Thread: http-
Error connecting to URL java.security.cert.CertificateException: Untrusted Certificate-chain </amLogEnt


The certificate assigned to the ArtifactResolutionService endpoint was different from the one defined in the imported metadata, and hence the trusted roots didn't match.
The problem was resolved by getting updated metadata from the 3rd party IDP with the correct certificate listed and importing the matching trusted root certificates.
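
A check for the cause described above, as an added example that is not part of the original document or of the product: it lists the ArtifactResolutionService URLs and certificate fingerprints found in a SAML metadata file and tests whether the certificate the endpoint serves is among them. The function names, the host name idp.example.test and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def metadata_view(metadata_xml: str):
    """Return (ArtifactResolutionService URLs, {fingerprint: KeyDescriptor use})."""
    root = ET.fromstring(metadata_xml)
    urls = [e.get("Location") for e in root.iterfind(".//md:ArtifactResolutionService", NS)]
    certs = {}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        for c in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            certs[fingerprint(der)] = kd.get("use", "unspecified")
    return urls, certs


def endpoint_matches_metadata(endpoint_der: bytes, metadata_xml: str) -> bool:
    """True when the certificate served by the endpoint is listed in the metadata."""
    return fingerprint(endpoint_der) in metadata_view(metadata_xml)[1]


def fetch_endpoint_cert(url: str) -> bytes:
    """Fetch the endpoint's leaf certificate without validating its chain (needs network)."""
    parts = urlsplit(url)
    pem = ssl.get_server_certificate((parts.hostname, parts.port or 443))
    return ssl.PEM_cert_to_DER_cert(pem)

# Constructed sample: the certificate bytes are placeholders, not real X.509 data.
OLD_CERT, NEW_CERT = b"constructed-old-cert", b"constructed-new-cert"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.test">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(OLD_CERT).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:ArtifactResolutionService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
     Location="https://idp.example.test/ArtifactResolver"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

A False result from endpoint_matches_metadata means the imported metadata no longer lists the certificate the endpoint serves. A match does not replace importing the issuing trusted roots.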