PKIX path building failed
Posted: Thu Sep 21, 2017 2:03 pm
Question:
I’m receiving the error “PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target” on a HTTPS connection. How do I resolve this?
Answer:
This means that GoAnywhere has encountered an SSL certificate it does not trust. You will need to obtain the head certificate and potentially intermediary CA certificates from the host you are connecting to, then import them into the GoAnywhere Trusted Certificate Store. This can be located under Encryption->SSL Certificate Manager->Import.
You can also use a browser to review the SSL certificate chain from the website you are connecting to. There are options within Firefox that allow you to export the head certificate from a chain into a file, which can then be used to import into GoAnywhere. Depending how you encountered this error message, it may require a restart of the GoAnywhere application in order to load/refresh the Trusted Certificates key store, and trust the imported SSL certificates.
Addendum 2/19/19
In MFT versions 5.6.0 or later you will need to import to the Key Management System by navigating to Encryption > Key Management System > Click the cog wheel next to the System Key Vault > Manage Certificates > Import.
I’m receiving the error “PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target” on a HTTPS connection. How do I resolve this?
Answer:
This means that GoAnywhere has encountered an SSL certificate it does not trust. You will need to obtain the head certificate and potentially intermediary CA certificates from the host you are connecting to, then import them into the GoAnywhere Trusted Certificate Store. This can be located under Encryption->SSL Certificate Manager->Import.
You can also use a browser to review the SSL certificate chain from the website you are connecting to. There are options within Firefox that allow you to export the head certificate from a chain into a file, which can then be used to import into GoAnywhere. Depending how you encountered this error message, it may require a restart of the GoAnywhere application in order to load/refresh the Trusted Certificates key store, and trust the imported SSL certificates.
Addendum 2/19/19
In MFT versions 5.6.0 or later you will need to import to the Key Management System by navigating to Encryption > Key Management System > Click the cog wheel next to the System Key Vault > Manage Certificates > Import.