PKIX path building failed


Support_Philip

Site Admin
Posts: 43
Joined: Wed Jun 21, 2017 8:12 am

Post by Support_Philip » Thu Sep 21, 2017 2:03 pm
Question:

I’m receiving the error “PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target” on an HTTPS connection. How do I resolve this?

Answer:

This means that GoAnywhere has encountered an SSL certificate it does not trust. You will need to obtain the head certificate and potentially intermediary CA certificates from the host you are connecting to, then import them into the GoAnywhere Trusted Certificate Store. This can be located under Encryption->SSL Certificate Manager->Import.
You can also use a browser to review the SSL certificate chain from the website you are connecting to. There are options within Firefox that allow you to export the head certificate from a chain into a file, which can then be used to import into GoAnywhere. Depending on how you encountered this error message, it may require a restart of the GoAnywhere application in order to load/refresh the Trusted Certificates key store, and trust the imported SSL certificates.

Addendum 2/19/19
In MFT versions 5.6.0 or later you will need to import to the Key Management System by navigating to Encryption > Key Management System > Click the cog wheel next to the System Key Vault > Manage Certificates > Import.
Philip Horn
Senior Support Analyst
e. [email protected]
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com

Support_Jerrod

Support Specialist
Posts: 11
Joined: Wed Dec 13, 2017 5:52 pm

Post by Support_Jerrod » Tue Sep 08, 2020 5:38 pm
If you’re receiving a PKIX error when attempting to connect to outlook.office365.com, the GoAnywhere support team has identified two GlobalSign certificates that may be missing from the key vault or trust store. These two GlobalSign certificates have been attached for your convenience. After the certificates have been imported (as outlined above), test your resource or project. If you are still encountering a PKIX error, you may need to restart the GoAnywhere service or subsystem.

Microsoft does maintain a list of root and intermediate certificates that you may encounter when working with one of their Office 365 services. When you receive a PKIX error when connecting to a Microsoft Office 365 service, it is because you’re missing one or more of the certificates listed here: https://docs.microsoft.com/en-us/micros ... -worldwide

Note: To identify which specific certificates are missing, there may be instances where support needs to enable SSL debug logging for the environment.
GlobalSignRootAndIntermediateCerts.zip
Jerrod Foster
Support Analyst

e. [email protected]
p. 1.800.949.4696
w. HelpSystems.com
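
The failure discussed in this thread (a trust store that holds the root but not the intermediate CA certificate) can be reproduced offline. The script below is an added example, not part of the original posts or of GoAnywhere's tooling; it assumes `openssl` is installed, uses `openssl verify` as a stand-in for Java's PKIX path builder, and every name and certificate in it is constructed.

```shell
# Added example: every name, key and certificate here is constructed.
make_chain() {  # $1 = work dir; builds root -> intermediate -> leaf
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for n in int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # The intermediate is a CA certificate signed by the root.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null
  # The leaf (the "head" certificate) is signed by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Prints "trusted" or "untrusted" for certificate $2 against trust file $1.
check_leaf() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

work=$(mktemp -d)
make_chain "$work"
echo "root only:           $(check_leaf "$work/root.pem" "$work/leaf.pem")"
cat "$work/root.pem" "$work/int.pem" > "$work/trust.pem"
echo "root + intermediate: $(check_leaf "$work/trust.pem" "$work/leaf.pem")"
rm -rf "$work"
```

With only the root trusted, no path can be built from the leaf, which is the same condition Java reports as "unable to find valid certification path to requested target".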