Wednesday, November 18, 2009

Godaddy SSL certificate and PKIX path problem

This issue got me twice and I should've blogged it the first time for reference.

I installed a Godaddy certificate and everything looked fine on Firefox and IE. But when we tried to make a server-server connection via SSL, the requesting server rejected our SSL cert. Here's a part of the error message on the requesting server:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)

This is what went wrong:

While following the instructions at http://help.godaddy.com/topic/742/article/4875 to install the Godaddy Cert, I originally picked the wrong file.


In section 10 of the first part, it says "Click Browse to locate the certificate file." The Browse button defaults to "*.cer, *.crt", so I chose the .crt file that Godaddy sent us. That was the wrong file, even though the certificate installed and most browsers seemed happy with it.

The correct file:

What the instructions should've said in Step 10 was to select the .p7b or gd_iis_intermediates.p7b file which is the actual intermediate certificate. So I went back and imported the .p7b file and the server-server connection was fine again.

P.S. I also deleted the incorrect record from the previous step. It was created under Certificates/Intermediate Certificates/Certificates.
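
The failure mode described above, reproduced offline with a constructed chain (an added example, not part of the original post or of GoDaddy's instructions): a client that trusts only the root cannot build a path from the server certificate alone, but can once the intermediate from a .p7b bundle is supplied. The CA names, file names and the `issue`, `make_chain`, `p7b_to_pem` and `verify_chain` helpers are made up for the illustration, and it assumes the `openssl` CLI (1.1.1 or later) is installed.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: root CA -> intermediate CA -> server certificate.
# Every name and file here is made up for the example.

# Create a key and CSR, then sign it. $1=file stem, $2=subject,
# remaining arguments are passed to `openssl x509` (who signs, extensions).
issue() {
  local name=$1 subj=$2; shift 2
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null &&
  openssl x509 -req -in "$name.csr" -days 2 -out "$name.pem" "$@" 2>/dev/null
}

# Build the chain in directory $1 and pack the intermediate into a .p7b,
# the same container format as the intermediates bundle the post refers to.
make_chain() {
  ( cd "$1" &&
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext &&
    issue root "/CN=Example Root CA" -signkey root.key -extfile ca.ext &&
    issue int "/CN=Example Intermediate CA" \
      -CA root.pem -CAkey root.key -CAcreateserial -extfile ca.ext &&
    issue leaf "/CN=server.example.test" -CA int.pem -CAkey int.key -CAcreateserial &&
    openssl crl2pkcs7 -nocrl -certfile int.pem -out intermediates.p7b )
}

# Unpack the certificates held in a PEM-encoded .p7b ($1) into a PEM file ($2).
p7b_to_pem() { openssl pkcs7 -in "$1" -print_certs -out "$2"; }

# Validate server certificate $2 against trust anchor $1.
# Optional $3: PEM file of intermediates the server presented with it.
verify_chain() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d) && make_chain "$work" &&
  p7b_to_pem "$work/intermediates.p7b" "$work/sent.pem" || exit 1

verify_chain "$work/root.pem" "$work/leaf.pem" &&
  echo "server cert only: path OK" || echo "server cert only: no path to a trusted root"
verify_chain "$work/root.pem" "$work/leaf.pem" "$work/sent.pem" &&
  echo "server cert + intermediate: path OK" || echo "server cert + intermediate: FAILED"
```

Against a real .p7b, `openssl pkcs7 -in <file> -print_certs -noout` lists the subject and issuer of each certificate in the bundle, which shows whether it holds the intermediate that issued the server certificate.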