When trying to connect to the LDAP server via SSL in Websphere, I encountered the following error:

used by:com.ibm.jsse2.util:KIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

java.security.cert.CertPathValidatorException: The certificate issued by CN=VeriSign class 3 xxxxxxx [color=red]is not trusted[/color]; internal cause is:

java.security.cert.CertPathValidatorException: [color=red]Certificate chaining error[/color]

at com.ibm.jsse2.util.h.b(h.java:86)

at com.ibm.jsse2.util.h.b(h.java:2)

at com.ibm.jsse2.util.g.a(g.java:27)

check the data, it should be in the default trust store list did not add the address I connected to.

specific method

operates on the IBM Websphere console interface as follows:

[b]1# [/b] Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > Retrieve from port

fill in the form entry: Host\Post\Alias

click: Retrieve signer information > Apply

[b]2# [/b] Security > SSL certificate and key management > Manage endpoint security configurations > Inbound(CellDefaultSSLSettings) > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port

fill in the form entry: Host\Post\Alias

click: Retrieve signer information > Apply

——————————————-
Note: if the CA certificate has already been imported into the keystore. If there is no import, search for import methods.

“reference” [url] http://stackoverflow.com/questions/27701181/certificate-chaining-error-in-websphere [/ url]