1.  Home
  2. WEB400
  3. February 2025

Re: SSL Certificate error when accessing API from IBM i

Importing the certificate into the Java keystore resolved the issue.  I supppose that means the application that was making the connection to the API is using the keystore rather than the DCM.
This is the Qshell command we used.keytool -import -file  /QIBM/UserData/ICSS/Cert/Upload/2025.cer -alias CertAuth -keystore                                                     /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts -storepass changeit -noprompt
Thanks so much for your help, Alan!
On Tuesday, February 4, 2025 at 11:41:31 PM EST, Alan Seiden <alan@xxxxxxxxxxxxxxx> wrote:

Nick,
The external API may have changed its Certificate Authority (CA) to one that your DCM or Java store doesn’t contain. For example, by default, the IBM i does not include CA certificates from LetsEncrypt. If so, this tutorial explains how to find out:https://docs.bvstools.com/home/ssl-documentation/exporting-certificate-authorities-cas-from-a-websiteand how to import into DCM:https://docs.bvstools.com/home/ssl-documentation/importing-a-certificate-authority-ca-newand into a Java keystore.https://www.ibm.com/support/pages/configuring-ibm-i-java-client-applications-tlshttps-secure-communications
Let us know if this helps.

Alan Seidenhttps://www.seidengroup.com


On Feb 4, 2025, at 3:54 PM, Nick Stoltzfus via WEB400 <web400@xxxxxxxxxxxxxxxxxx> wrote:
We're getting the error below when we try to connect to an external API from the IBM i.  We were previously able to connect to it without error and without downloading anything to the IBM i or installing anything with DCM.  The API provider created a new certificate and now we get this.  Does anybody have any idea what can be done to resolve it?
com.pjx.cfo.multicast.MulticastException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.ValidatorException: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target at com.pjx.xaf.multicast.handler.HttpHandler.sendMessageProtected(HttpHandler.java:158) at com.pjx.xaf.multicast.handler.AbstractHandler.sendMessage(AbstractHandler.java:168) at com.pjx.slo.SLOServerProcessor.resendMessage(SLOServerProcessor.java:388) at com.pjx.slo.SLOServerProcessor.processMessage(SLOServerProcessor.java:217) at com.pjx.slo.SLOServerProcessor.processMessages(SLOServerProcessor.java:163) at com.pjx.slo.SLOServerProcessor.run(SLOServerProcessor.java:105) at java.lang.Thread.run(Thread.java:825)
Thanks,
Nick

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.