Siebel Application Interface (External) migration.log shows unable to find valid certification path to requested target
The Problem: After updating your keystore for your Siebel Application Interface (External) the migration.log shows:
[ERROR] 2022-02-01 10:01:57.280 [Thread-6] Migration - com.siebel.migration.server.CGUtil:initializeServiceDiscovery null
[DEBUG] 2022-02-01 10:01:57.280 [Thread-6] Migration - com.siebel.migration.server.CGUtil:cgGet URL that is used to connect to CG: https://siebelsrvr.devnumbertwo.com:9132/siebel/v1.0/cloudgateway/profiles/migrations/devtwo_profile
[ERROR] 2022-02-01 10:01:57.332 [Thread-6] Migration - com.siebel.migration.server.MigrationConfig$ProfilePuller:run Unable to read the Migration Profile from CG due to IO exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Check that:
Your gateway is in fact listening over SSL
The keystore for your Application Interface Internal AND External has a proper certificate chain
The best way to tell if you have a proper certificate chain is to run keytool with a verbose list on the main certificate and confirm that its chain has a length of at least 3 (the server certificate, the intermediate certificate and the root certificate). Example below:
keytool -list -v -alias servercertalias -keystore /usr/siebel/gtwysrvr/siebelcerts/mykeystore.jks
What you’re looking for:
Certificate chain length: 3
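The check above can be scripted. The following is an added example, not part of the original post or of Siebel: a shell function that reads `keytool -list -v` output and verifies the declared chain length, that each certificate is issued by the next one, and that the chain ends in a self-signed root. The function name, the sample CA names and the embedded keytool output are constructed for illustration.

```shell
# Reads `keytool -list -v` output on stdin (English locale assumed).
# Exit status 0 only when the chain is complete; $1 = minimum length (default 3).
check_chain() {
    awk -v min="${1:-3}" '
        /^Certificate chain length:/ { declared = $NF + 0 }
        /^Certificate\[[0-9]+\]:/    { n++ }
        /^Owner: /  && n > 0 { owner[n]  = substr($0, 8) }
        /^Issuer: / && n > 0 { issuer[n] = substr($0, 9) }
        END {
            if (n == 0)        { print "FAIL: no certificate chain found"; exit 1 }
            if (declared != n) { print "FAIL: declared length " declared ", parsed " n; exit 1 }
            if (n < min)       { print "FAIL: chain length " n " is below " min; exit 1 }
            # Each certificate must be issued by the next one in the chain.
            for (i = 1; i < n; i++)
                if (issuer[i] != owner[i + 1]) {
                    print "FAIL: Certificate[" i "] is not issued by Certificate[" (i + 1) "]"
                    exit 1
                }
            if (issuer[n] != owner[n]) { print "FAIL: last certificate is not a self-signed root"; exit 1 }
            print "OK: chain length " n
        }'
}
# Constructed sample: full chain (server, intermediate, root).
sample_full() {
cat <<'EOF'
Alias name: servercertalias
Certificate chain length: 3
Certificate[1]:
Owner: CN=siebelsrvr.devnumbertwo.com
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}
# Constructed sample: only the server certificate was imported.
sample_leaf_only() {
cat <<'EOF'
Certificate chain length: 1
Certificate[1]:
Owner: CN=siebelsrvr.devnumbertwo.com
Issuer: CN=Example Intermediate CA
EOF
}
sample_full | check_chain
sample_leaf_only | check_chain || true
```

Against a real keystore, pipe the keytool command shown above into `check_chain` for both the Internal and External Application Interface keystores.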