When trying to promote a project or resource on a system that was accessed through a secure connection, they receive an error message.
com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
On the destination GoAnywhere server, click on the Tools menu. Then Click on ‘Manage SSL Certificates’. Open the ‘Default private key’ and click on the appropriate key. Then Export the certificate to your desktop. You may wish to highlight the alias & copy it to your clipboard as you will need it later.
Next, on the Source GoAnywhere server, Click on the Tools Menu and then click on Manage SSL Certificates. Click on “Default Trusted Certificate” and then “Import” the file from your desktop.
The last step is to restart the GoAnywhere MFT Service / Subsystem. Restarting will pull in the newly imported certificates and now you should be able to promote using a secure connection.
In MFT versions 5.6.0 or later you will need to export the certificate chain from the "Destination" MFT server inside the corresponding JKS (Java Key Store) or PKCS12 (Public-Key Cryptography Standards) key store. You can verify which key store that the certificate exists inside by navigating to System > Admin Server > Click on the Pencil icon next to Administrator Server (Hover tip displays Edit) > Navigate to the Secured Listener in which you are trying to promote to > Click on the SSL Tab and note the Key Store File location and the Certificate Alias. Next you will navigate to the Key Store File location via Encryption > File Based Keys > Certificates > Open Key Store. Once you are inside the desired key store you will click on the cog wheel next to the Certificate Alias you noted earlier and select Export > Certificate Chain. It will export as a .p7b file.
Now you need to navigate to the "Source" MFT server and import the .p7b file into the KMS (Key Management System) by navigating to Encryption > Key Management System > Click the cog wheel next to the System Key Vault > Manage Certificates > Import. Here you will select the file format of Certificate (.crt or .cer) and choose your .p7b file as the Import file. Next you need to give it a name (It is suggested to use the original Certificate Alias that you exported from the other MFT server for quick reference). After doing this you should click on import and once it is successful you will need to restart your GoAnywhere MFT Service / Subsystem on the “Source” MFT server. Restarting will pull in the newly imported certificates and now you should be able to promote using a secure connection.
For information on how to stop & start GoAnywhere view the following forum topic:
https://forum.goanywhere.com/viewtop ... &t=35&p=35