Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Dec 31, 2020 16:54

By: Christopher Alton


You may face the following errors when trying to run automation:

• Caused by: PKIX path building failed: unable to find valid certification path to requested target
• Caused by: unable to find valid certification path to requested target

Root Cause:

This issue happens when your local computer attempts to connect to the cloud, and the security certificates in your Local Computer Keystore, do not match.

This is an issue with the testing center/security, of the location where you are working. This is not caused by Perfecto.

Why This Happens:

Perfecto uses a certificate authority to provide a security certificate. You can see if your connection has the right certificate, by clicking the lock next to the cloud name.

Example - A cloud connection reflecting the correct certificate

Solution #1:

Whitelisting the Perfecto namespace

The easiest way to avoid these type of situations, is to simply whitelist the Perfecto namespace. Perfecto's service are an integrated solution. 

The best approach is to place the Perfecto domain on your allow list. This can be done by your Infra and Security teams by allowing * . This allows for minimal changes on the customer side, as we improve or add capacity to our services.

Solution #2:

Adding Certificate to the JAVA Keystore 

Some companies use their own certificate in place of the Perfecto one, which causes issues with automation. If you see any other security certificate there, you will need to add your company security certificates to your JAVA keystore.

If you see the certificate in the cloud, please continue on and follow the steps to add the certificate to your JAVA keystore.

Note: This is a complex solution. We recommend to involve your company IT team to assist.

This solution uses Google Chrome for its examples.

  1. Generate a new certificate file.

From your browser, click on the secure (or not secure) button, next to the cloud name. Locate and Click on Copy to File and complete the Certificate Export Wizard Steps.

When exporting, select the DER encoded binary X.509 (.CER) file format.

Save the certificate file locally. For Example, C:\temp\new.cer

      2. Update keystore with the new certificate.

Copy the cacerts file to a temporary location. This step is important. In some cases updating directly to Program Files is restricted, and you will receive the keytool error "Access is denied". This is why we recommend involving your local IT team.


copy "C:\Program Files\Java\jre1.8.0_151\jre\lib\security\cacerts" "C:\temp\cacerts"

From CMD prompt, run the importcert command.

keytool -importcert -file C:\temp\new.cer -keystore "C:\temp\cacerts" -alias perfectocert

The default keystore password is: changeit

Copy cacerts file back to Program Files location.

Validating the Certificate

  1. Search for your certificates in the Java keystore, using keytool.(same as step 2 in keystore validation section above)
  2. From cmd prompt, navigate to the Java installation folder, and run the keytool.exe to extract a newListOutput.txt file with the list command.

keytool -list -keystore "C:\temp\cacerts" > C:\temp\newListOutput.txt 

Open the newListOutput.txt file and search for the certificate thumbprint. Notice: the number of entries in the newListOutput file should have increased due to the new entry.

Updating the CACERTS file

  1. Copy the C:\temp\cacerts file back to your JAVA keystore location


copy "C:\temp\cacerts" "C:\Program Files\Java\jre1.8.0_151\jre\lib\security\cacerts"

If you still face the same errors, please review the additional troubleshooting document Additional Certificate Error Troubleshooting.

If you have followed both articles and still face this issue even after involving your IT team, please open a case with the Perfecto Support Team.