
CPI : unable to find valid certification path to requested target

prabhu_s2
Active Contributor

Hi

I am making an HTTPS call to an external service using Postman, which works fine [just basic auth], but when I use the same in CPI I come across the error:

java.net.ConnectException: General SSLEngine problem, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Config is

Any thoughts on why this behavioural difference when running the interface from CPI and testing via Postman?

FYI - I enabled debug, copied the actual URL from the HTTP step and used it in the browser with the same user id and pwd, which works.

prabhu_s2
Active Contributor

Hi raffael

Thanks, I had referenced the doc and am working on it, but the other issue is still not clear: why it is working in Postman and not via CPI.

former_member608139
Active Participant

Postman and SoapUI, for example, work like a web browser: during the "handshake" process they do the download automatically during the communication with the website. For example, if you enter the same address in your web browser, you will see on the left side of the address the security icon, and inside this icon the entire certificate chain used for the connection.

You just need to keep in mind that the TLS connection over the HTTPS protocol works with different security options:

1 - Without user authentication: in this case, just the certificates used in the "handshake" process between the service consumer and the server side are validated. There is no private key involved and you just need to insert this certificate chain in your CPI; it will not be necessary to insert it in the channel.

2 - With client authentication: similar to step one, but you will need to configure user and password authentication (everything in step one needs to be done too).

3 - Sign CSRF: you need to get the token by a request to the server and use this token in the HTTP header during your call (you can use both of the levels below).

4 - Signed service consumer: in this case you will need a certificate with your PK (private key) to create a digital signature for your message, which will be validated by the server side using a public key that you make available to it. In this case, you will need to import the certificate in CPI and use the pattern to sign your XML.

5 - Certificate validation: on the server side, one certificate will be configured for your user and you will need to use this certificate in your communication channel (can be used including all the options below).

There are other ways to make your connection secure, but I'm just trying to explain to you how many kinds of security will use different types of configuration inside your integration.
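
As an added illustration that is not part of any post in this thread: the Java error quoted in the question is reported when the client's trust store holds no CA that completes a path from the server's certificate. The script below reproduces that outcome offline, with the `openssl` CLI standing in for the Java validator; every certificate, name and helper function in it is constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every key, certificate and name below is generated locally.
set -e

# csr NAME CN: new RSA key plus certificate signing request
csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# selfsign NAME: self-signed root CA certificate
selfsign() {
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
    -extfile ca.ext -out "$1.pem" 2>/dev/null
}

# sign NAME ISSUER [extra x509 options]: certificate for NAME issued by ISSUER
sign() {
  name=$1; issuer=$2; shift 2
  openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
    -CAcreateserial -days 2 "$@" -out "$name.pem" 2>/dev/null
}

# build_chain DIR: root -> intermediate -> server, plus an unrelated root
build_chain() (
  cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  csr root "Demo Root CA"; selfsign root
  csr other "Unrelated Root CA"; selfsign other
  csr inter "Demo Intermediate CA"; sign inter root -extfile ca.ext
  csr server "service.example.test"; sign server inter
  cat root.pem inter.pem > chain.pem
)

# trust_check TRUSTSTORE SERVER_CERT [CERTS_SENT_IN_HANDSHAKE]
trust_check() {
  if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
  then echo "TRUSTED"; else echo "NO VALID PATH"; fi
}

W=$(mktemp -d); build_chain "$W"
echo "store lacks the issuing root:        $(trust_check "$W/other.pem" "$W/server.pem" "$W/inter.pem")"
echo "root imported, server sends chain:   $(trust_check "$W/root.pem" "$W/server.pem" "$W/inter.pem")"
echo "root imported, intermediate missing: $(trust_check "$W/root.pem" "$W/server.pem")"
echo "root and intermediate imported:      $(trust_check "$W/chain.pem" "$W/server.pem")"
```

The first line of output corresponds to the situation in the question; the second and fourth show the result once the issuing CA certificates are in the store the client validates against.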