Question:
I’m receiving the error “PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target” on a HTTPS connection. How do I resolve this?
Answer:
This means that GoAnywhere has encountered an SSL certificate it does not trust. You will need to obtain the head certificate and potentially intermediary CA certificates from the host you are connecting to, then import them into the GoAnywhere Trusted Certificate Store. This can be located under Encryption->SSL Certificate Manager->Import.
You can also use a browser to review the SSL certificate chain from the website you are connecting to. There are options within Firefox that allow you to export the head certificate from a chain into a file, which can then be used to import into GoAnywhere. Depending how you encountered this error message, it may require a restart of the GoAnywhere application in order to load/refresh the Trusted Certificates key store, and trust the imported SSL certificates.
Addendum 2/19/19
In MFT versions 5.6.0 or later you will need to import to the Key Management System by navigating to Encryption > Key Management System > Click the cog wheel next to the System Key Vault > Manage Certificates > Import.
PKIX path building failed
View some of the Frequently Asked Questions to our support staff. Included are some tips and tricks making this forum ideal for users getting started with GoAnywhere MFT. Note: Users can reply to existing topics but only our support staff can add new topics to this forum.
-
- Support_Philip Offline
- Site Admin
- Posts: 43
- Joined: Wed Jun 21, 2017 8:12 am
PKIX path building failed
Philip Horn
Senior Support Analyst
e. [email protected]
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com
Senior Support Analyst
e. [email protected]
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com
- Support_Jerrod Offline
- Support Specialist
- Posts: 11
- Joined: Wed Dec 13, 2017 5:52 pm
Re: PKIX path building failed
If you’re receiving a PKIX error when attempting to connect to outlook.office365.com, the GoAnywhere support team has identified two Globalsign certificates that may be missing from the key vault or trust store. These two Globalsign certificates have been attached for your convenience. After the certificates have been imported (as outlined above), test your resource or project. If you are still encountering a PKIX error, you may need to restart the GoAnywhere service or subsystem.
Microsoft does maintain a list of root and intermediate certificates that you may encounter when working with one of their Office 365 services. When you receive a PKIX error when connecting to a Microsoft Office 365 service, it is because you’re missing one or more of the certificates listed here: https://docs.microsoft.com/en-us/micros ... -worldwide
Note: To identify which specific certificates are missing, there may be instances where support needs to enable SSL debug logging for the environment.
Microsoft does maintain a list of root and intermediate certificates that you may encounter when working with one of their Office 365 services. When you receive a PKIX error when connecting to a Microsoft Office 365 service, it is because you’re missing one or more of the certificates listed here: https://docs.microsoft.com/en-us/micros ... -worldwide
Note: To identify which specific certificates are missing, there may be instances where support needs to enable SSL debug logging for the environment.