Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Nov 08, 2018 23:56

By: Christopher Alton

Issue:

You may face the following errors when trying to run automation:

• Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
• Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Root Cause:

This issue happens when your local computer attempts to connect to the cloud, and the security certificates in your Local Computer Keystore, do not match.

This is an issue with the testing center/security, of the location where you are working. This is not caused by Perfecto.

Why This Happens:

Perfecto uses a certificate authority to provide a security certificate.You can see if your connection has the right certificate, by clicking the lock next to the cloud name.

Example - A cloud connection reflecting the correct certificate

Some companies use their own certificate in place of the Perfecto one, which causes issues with automation. If you see any other security certificate there, you will need to add your company security certificates to your JAVA keystore.

If you see the certificate in the cloud, please continue on and follow the steps to add the certificate to your JAVA keystore.

Note: This is a complex solution. We recommend to involve your company IT team to assist.


Solution:

Adding Certificate to the JAVA Keystore - Using Google Chrome

  1. Generate a new certificate file.

From your browser, click on the secure (or not secure) button, next to the cloud name. Locate and Click on Copy to File and complete the Certificate Export Wizard Steps.

When exporting, select the DER encoded binary X.509 (.CER) file format.

Save the certificate file locally. For Example, C:\temp\new.cer


      2. Update keystore with the new certificate.

Copy the cacerts file to a temporary location. This step is important. In some cases updating directly to Program Files is restricted, and you will receive the keytool error "Access is denied". This is why we recommend involving your local IT team.

Example:

copy "C:\Program Files\Java\jre1.8.0_151\jre\lib\security\cacerts" "C:\temp\cacerts"

From CMD prompt, run the importcert command.

Example:
keytool -importcert -file C:\temp\new.cer -keystore "C:\temp\cacerts" -alias perfectocert

The default keystore password is: changeit

Copy cacerts file back to Program Files location.

Validating the Certificate

  1. Search for your certificates in the Java keystore, using keytool.(same as step 2 in keystore validation section above)
  2. From cmd prompt, navigate to the Java installation folder, and run the keytool.exe to extract a newListOutput.txt file with the list command.

Example:
keytool -list -keystore "C:\temp\cacerts" > C:\temp\newListOutput.txt 


Open the newListOutput.txt file and search for the certificate thumbprint. Notice: the number of entries in the newListOutput file should have increased due to the new entry.

Updating the CACERTS file

  1. Copy the C:\temp\cacerts file back to your JAVA keystore location

Example:

copy "C:\temp\cacerts" "C:\Program Files\Java\jre1.8.0_151\jre\lib\security\cacerts"

If you still face the same errors, please review the additional troubleshooting document Additional Certificate Error Troubleshooting.

If you have followed both articles and still face this issue even after involving your IT team, please open a case with the Perfecto Support Team.