////Help! I Am Getting a Certificate Error (PKIX Path)
Help! I Am Getting a Certificate Error (PKIX Path) 2019-03-20T16:56:54+00:00

Help! I Am Getting a Certificate Error (PKIX Path)

If your site is using a self-signed certificate to establish SSL (HTTPS) connections you may see an error like the following when attempting to connect to Salesforce:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
                at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
                at sun.security.validator.Validator.validate(Unknown Source)
                at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
                ... 26 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
                at java.security.cert.CertPathBuilder.build(Unknown Source)
                ... 32 more

This type of error typically means that your network is using a self-signed certificate. To make CopyStorm (or any other Java based application) work with your certificate, you must add the certificate to Java’s trusted store file “cacerts”.

To add the certificate:

  • Get a copy of your certificate.
    • This will be a CER or CRT file (example: mycompany.crt).
  • Copy the certificate to the the certificate directory in your CopyStorm installation:
    • [CopyStormRoot]/jre/lib/security
  • Navigate to the certificate directory in a shell (Linux) or command prompt (Windows) and run the command:
    • ..\..\bin\keytool -import -keystore cacerts -file mycompany.crt
    • The tool will ask you for a password. It is “changeit”.
  • You’re done! CopyStorm will now connect to Salesforce without a PKIX error.

If you have encountered this problem, it is better in the long run to use a “cacerts” file for a Java runtime that is installed globally on your computer. The procedure is the same, but the “cacerts” file is in a different location. If you take this approach then remove the “jre” directory from CopyStorm and the application will use the system default Java.

Here is a great article with more details — please reference it if you need more help.

CONTACTS

Product Questions: info@capstorm.com
Technical Support: support@capstorm.com
Phone: +1 314.403.2143