Error: unable to find valid certification path to requested target

  • KM00205248
  • 07-Oct-2012
  • 12-May-2021

Summary

LDAP users are unable to log in to the HPSA Java client. The problem can be corrected by configuring SA to use a valid path to the LDAP certificate.

Error

Using the SA Java Client, the LDAP user receives the following error:

javax.naming.CommunicationException: simple bind failed: 192.0.0.100:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Twist logs contain the full exception in /var/log/opsware/twist/server.log.0:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
        ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
        ... 18 more
2012-09-19 09:03:05,963 WARNING Thread-12 [com.opsware.fido.impl.externaluser.ExternalUserUtil] [getUserVOs] [Ljava.lang.StackTraceElement;@478b857c
2012-09-19 09:03:05,969 SEVERE Thread-12 [com.opsware.fido.impl.user.UserImpl] [verifyPassword] failed to update external user ID for user SA_user. <message=''> simple bind failed: 192.0.0.100:636
2012-09-19 09:03:06,033 WARNING Thread-12 [com.opsware.login.LdapLoginModule] [verifyPassword] simple bind failed: 192.0.0.100:636


These errors prevent SA users whose login information is integrated with or derived from LDAP from logging in to the SA Ngui.
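A "simple bind failed" line on its own does not say why the bind failed; only the preceding PKIX stack trace identifies a certificate trust problem. The following is an added example (not part of the original article or of SA): a log triage sketch that separates bind failures caused by an untrusted LDAP certificate from other bind failures. It assumes the log layout shown above and attributes a PKIX trace to the thread of the next timestamped record, which is a heuristic; the function name triage and the last sample line (192.0.0.101) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the server.log.0 excerpt above; the final
# line (Thread-15, 192.0.0.101) is invented to show a non-PKIX bind failure.
SAMPLE_LOG = """\
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
2012-09-19 09:03:05,969 SEVERE Thread-12 [com.opsware.fido.impl.user.UserImpl] [verifyPassword] failed to update external user ID for user SA_user. <message=''> simple bind failed: 192.0.0.100:636
2012-09-19 09:03:06,033 WARNING Thread-12 [com.opsware.login.LdapLoginModule] [verifyPassword] simple bind failed: 192.0.0.100:636
2012-09-19 09:07:41,120 WARNING Thread-15 [com.opsware.login.LdapLoginModule] [verifyPassword] simple bind failed: 192.0.0.101:636
"""

# Timestamped record: date, time, level, thread name.
STAMPED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} \w+ (?P<thread>\S+) ")
BIND = re.compile(r"simple bind failed: (?P<endpoint>[\w.\-]+:\d+)")
PKIX = "PKIX path building failed"


def triage(log_text):
    """Count bind failures per LDAP endpoint, split by likely cause."""
    counts = defaultdict(lambda: {"untrusted_cert": 0, "other": 0})
    pending = False      # a PKIX trace was seen, thread not yet known
    pkix_thread = None   # thread the most recent PKIX trace is attributed to
    for line in log_text.splitlines():
        stamped = STAMPED.match(line)
        if not stamped:
            # Stack trace lines carry no timestamp or thread name.
            if PKIX in line:
                pending = True
            continue
        thread = stamped.group("thread")
        if pending:
            # Heuristic (assumption): the trace belongs to the next record's thread.
            pkix_thread, pending = thread, False
        bind = BIND.search(line)
        if bind:
            kind = "untrusted_cert" if thread == pkix_thread else "other"
            counts[bind.group("endpoint")][kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for endpoint, result in triage(SAMPLE_LOG).items():
        print(endpoint, result)
```

Endpoints with a non-zero untrusted_cert count are the ones whose certificate path needs to be checked in the twist LDAP configuration; failures counted as other need a different line of investigation.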

Cause

The error is thrown when an invalid certificate is used in the twist LDAP configuration.

Fix

Use /opt/opsware/twist/ldap_config.sh to configure the path to a valid LDAP certificate.