Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Oct 07, 2021 16:47

By: Christopher Alton


You may face the following errors when trying to run automation:

• Caused by: PKIX path building failed: unable to find valid certification path to requested target
• Caused by: unable to find valid certification path to requested target

Root cause

This issue happens when your local computer attempts to connect to the cloud and the security certificates in your local computer keystore do not match.

This is an issue with the testing center/security at the location of your work. This is not caused by Perfecto.

Why this happens

Perfecto uses a certificate authority to provide a security certificate. You can see if your connection has the right certificate by clicking the lock next to the cloud name.

Example: A cloud connection reflecting the correct certificate

Solution #1

Whitelist the Perfecto namespace

The easiest way to avoid these types of situations is to whitelist the Perfecto namespace.

Perfecto's services are an integrated solution. The best approach is to place the Perfecto domain on your allow list. Your Infra and Security teams can do this by allowing * This allows for minimal changes on the customer side as we improve or add capacity to our services. This prevents users from having to manually update certificates in their individual keystores.

Solution #2

Add a certificate to the JAVA keystore 

Some companies use their own certificate in place of the Perfecto one, which causes issues with automation. If you see any other security certificate there, you will need to add your company security certificates to your Java keystore.

If you see the certificate in the cloud, perform the following steps to add the certificate to your Java keystore.

Note: This is a complex solution. We recommend involving your company's IT team to assist.

The examples provided in this solution are based on Google Chrome.

Step 1: Access the cloud to get the Automation Certificate

  1. Generate a new certificate file, as follows:
    1. From your browser, go to your cloud using the following syntax: Substitute mycloud for your cloud name (example:
      1. In this case, you do not need to authenticate. We just need to generate the certificate.
      2. Click the secure (or not secure) button next to the cloud name. Locate and click Copy to File and complete the Certificate Export Wizard steps.
  2. When exporting, select the DER encoded binary X.509 (.CER) file format.
  3. Save the certificate file locally. For example: C:\temp\new.cer

Step 2 | Update the keystore with the new certificate

  1. Copy the cacerts file to a temporary location. This step is important. In some cases, updating directly to Program Files is restricted and you will receive the keytool error "Access is denied". This is why we recommend involving your local IT team.
    Example: copy "C:\Program Files\Java\jre1.8.0_151\jre\lib\security\cacerts" "C:\temp\cacerts"
  2. From the CMD prompt, run the importcert command.
    Example: keytool -importcert -file C:\temp\new.cer -keystore "C:\temp\cacerts" -alias perfectocert

    The default keystore password is: changeit
  3. Copy the cacerts file back to the Program Files directory.

Step 3 | Validate the certificate

  1. Search for your certificates in the Java keystore using keytool. (This is the same as step 2 in the keystore validation section above.)
  2. From the cmd prompt, navigate to the Java installation folder and runkeytool.exe to extract a newListOutput.txt file with the list command.
    Example: keytool -list -keystore "C:\temp\cacerts" > C:\temp\newListOutput.txt 
  3. Open the newListOutput.txt file and search for the certificate thumbprint.

    Note: The number of entries in the newListOutput file should have increased due to the new entry.

Step 4 | Update the CACERTS file

  1. Copy the C:\temp\cacerts file back to your JAVA keystore location.
    Example: copy "C:\temp\cacerts" "C:\Program Files\Java\jre1.8.0_151\jre\lib\security\cacerts"

If you still face the same errors, please review the additional troubleshooting document Additional Certificate Error Troubleshooting.

If you have followed both articles and still face this issue even after involving your IT team, open a case with the Perfecto Support Team.