You are currently reviewing an older revision of this page.
Making a call to an external server over HTTPS or LDAPS fails because the application server does not trust the CA which was used to sign the certificate the external server presents. The following error will be seen in the application server log:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is because the certificate being presented by the external server is not trusted by the application server for one of the following reasons:
Use the following command to import the certificate into the default JDK trust store:
Linux
$JAVA_HOME/bin/keytool -import -trustcacerts -file #PATH TO FILE# -alias ##ALIASNAME## -keystore $JAVA_HOME/jre/lib/security/cacerts
Windows
"%JAVA_HOME%\bin\keytool" -import -trustcacerts -file #PATH TO FILE# -alias ##ALIASNAME## -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
If importing multiple certificates, make sure that the alias is different for each command. The alias can be anything and is just a name in this case, usually the name this certificate was issued for.
To verify if the import has been done, run the following command:
$JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts | grep ##ALIASNAME##
"%JAVA_HOME%\bin\keytool" -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts" | findstr ##ALIASNAME##
The above command (without the | grep ##ALIASNAME## or | findstr ##ALIASNAME##) can also be used to check what certificates are currently in the trust store. These are the default trusted certificates that come up with a standard installation of Java.
| grep ##ALIASNAME##
| findstr ##ALIASNAME##
After importing the certificate into the JDK trust store, perform an application server restart to load the certificate.
Importing certificates into the Java TrustStore is not supported on Appian Cloud.
Note: Anything provided in the app market is provided as-is, and the functionality cannot be guaranteed by Appian.
This article applies to all versions of Appian.
Last Reviewed: May 2018