[keycloak-user] Do We have a solution for this?

[Vishal Komma Reddy]

Hi,

Do we have a solution for this issue yet? If so can you let us know what exatly needs to be done because we have all the certs in the keystore and also the trusted certs in the trust store and the SPI we are adding in the standalone.xml :

            <spi name="truststore">
              <provider name="file" enabled="true">
                <properties>
                  <property name="file" value="/opt/jboss/keycloak/standalone/configuration/xxx.keystore" />
                  <property name="password" value="xxx" />
                  <property name="hostname-verification-policy" value="WILDCARD"/>
                  <property name="disabled" value="false"/>
                </properties>
              </provider>
            </spi>


Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)
        at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)
        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
        ... 88 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
        at sun.security.validator.Validator.validate(Validator.java:262)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
        ... 101 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)


Thanks & Regards,

Vishal Reddy
Validus Research Inc.
Aws Devops Developer

55 York St  Suite 802
Toronto, Ontario, Canada
M5J 1R7
Tel +1 647-253-3751|mobile: +1 226-929-6868
Vishal.kommareddy at validusresearch.com<mailto:Vishal.kommareddy at validusresearch.com> |validusresearch.com


This communication and any attachment thereto may contain confidential and proprietary material of Validus Group or others, the unauthorized disclosure of which to third parties may cause permanent and irremediable damage. If you believe you received this communication in error, please contact the sender and delete it from any computer and other electronic devices on which it may have been stored.  Thank you.