While performing Highlight automation Scan with the CLI command the following error is seen
"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Workaround or Action Plan
This error occurs when the certificate of the URL is not imported to the cacerts of JRE on the machine.
- Go to URL in your browser:
-
-
- firefox - click on HTTPS certificate chain (the lock icon right next to URL address). Click
"more info" > "security" > "show certificate" > "details" > "export..". Pickup the name and choose file type example.cer - chrome - click on site icon left to address in address bar, select "Certificate" -> "Details" -> "Export" and save in format "Der-encoded binary, single certificate".
- firefox - click on HTTPS certificate chain (the lock icon right next to URL address). Click
-
- Now you have file with keystore and you have to add it to your JVM. Determine location of cacerts files, eg.
C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts. - Next import the
example.cerfile into cacerts in command line (may need administrator command prompt): keytool -import -alias example -keystore "C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts" -file example.cer - You will be asked for password
- Restart your JVM/PC.
NB : Ensure that the JRE getting called during the CLI call is the one imported with the certificate, otherwise the SSL handshake may fail. If there is a proxy defined in the machine check whether you can ping the Highlight URL from CLI successfully.
If using ZScaler proxy, it might not be possible to import certificate of Highlight since zscaler proxy is handling this. . ZScaler uses zscaler proxy certificates.
Zendesk Ticket
39717, 43479, 41640, 44125
Related Articles
Highlight Automated Code Scan (Command Line)
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Comments