Posted by: turanunes | May 4, 2011

CWPKI0022E: SSL HANDSHAKE FAILURE

[28.04.2011 10:23:03:237 EEST] 00000033 WSX509TrustMa E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN “CN=www.aaa.com, OU=BIM, O=XXXXXX., L=Iskenderun, ST=Hatay, C=TR” was sent from target host:port “127.0.0.1:443”. The signer may need to be added to local trust store “/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/isdmzwas1Cell01/trust.p12” located in SSL configuration alias “NodeDefaultSSLSettings” loaded from SSL configuration file “security.xml”. The extended error message from the SSL handshake exception is: “PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error”.
[28.04.2011 10:23:03:239 EEST] 00000033 SystemOut O
Solution:

When WAS connects to a remote server over SSL, the WAS server must trust the remote server. To achieve this, we must configure WAS to trust
the certificate sent by the remote server during the connection.
Follow the instructions below to retrieve the signer certificates from the remote host you are trying to connect to and add them to the WAS server trust store:

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/topic/com.ibm.websphere.base.doc/info/aes/ae/tsec_sslretrievesignersport.html
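
The values that procedure needs (target host and port, trust store, SSL configuration alias, and the issuer that is not trusted) can be pulled straight from the CWPKI0022E entry. The Python below is an added example, not part of the original post or of IBM's tooling; the function names `parse_cwpki0022e` and `signer_to_review` are hypothetical, and the sample entry is the one from the log above.

```python
import re

# Entry copied from the log above; SystemOut.log wraps it over several lines.
SAMPLE = """[28.04.2011 10:23:03:237 EEST] 00000033 WSX509TrustMa E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN “CN=www.aaa.com, OU=BIM, O=XXXXXX., L=Iskenderun, ST=Hatay, C=TR” was sent from target host:port “127.0.0.1:443”. The signer may need to be added to local trust store “/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/isdmzwas1Cell01/trust.p12” located in SSL configuration alias “NodeDefaultSSLSettings” loaded from SSL configuration file “security.xml”. The extended error message from the SSL handshake exception is: “PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error”."""

Q = r'["\u201c\u201d]'  # straight or typographic double quote
FIELDS = {
    "subject_dn": rf'SubjectDN {Q}(.+?){Q} was sent',
    "target": rf'target host:port {Q}(.+?){Q}',
    "trust_store": rf'local trust store {Q}(.+?){Q}',
    "ssl_alias": rf'SSL configuration alias {Q}(.+?){Q}',
    "untrusted_issuer": r'certificate issued by (.+?) is not trusted',
}

def parse_cwpki0022e(entry):
    """Return the fields of a CWPKI0022E entry, or None for other log lines."""
    if "CWPKI0022E" not in entry:
        return None
    text = " ".join(entry.split())  # undo the line wrapping
    out = {"host": None, "port": None}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        out[name] = match.group(1) if match else None
    if out["target"]:
        host, _, port = out["target"].rpartition(":")
        if host and port.isdigit():
            out["host"], out["port"] = host, int(port)
    return out

def signer_to_review(entry):
    """Heuristic (assumption): the issuer reported as not trusted is the signer
    missing from the trust store; fall back to the presented certificate."""
    fields = parse_cwpki0022e(entry)
    if fields is None:
        return None
    return fields["untrusted_issuer"] or fields["subject_dn"]

if __name__ == "__main__":
    for key, value in parse_cwpki0022e(SAMPLE).items():
        print(f"{key}: {value}")
    print("signer to review:", signer_to_review(SAMPLE))
```

The reported issuer identifies which signer the trust store lacks; compare the retrieved certificate's fingerprint with one obtained from the CA or the server owner before adding it.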

