Difference between revisions of "PKIX Path Building Failure"
| (4 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
This error occurs when Java is unable to validate the SSL certificate presented by the server you're connecting to. | This error occurs when Java is unable to validate the SSL certificate presented by the server you're connecting to. | ||
| + | |||
| + | ==== Cause ==== | ||
ProtocaseDesigner is packaged with its own embedded Java runtime (JRE). This JRE included a bundled certificate store (cacerts) that does <b>not</b> automatically include custom or system-installed certificates. | ProtocaseDesigner is packaged with its own embedded Java runtime (JRE). This JRE included a bundled certificate store (cacerts) that does <b>not</b> automatically include custom or system-installed certificates. | ||
| Line 28: | Line 30: | ||
2. Import your organization's certificate: | 2. Import your organization's certificate: | ||
| − | In a terminal or command prompt, navigate to the directory located above and run the following command, while replacing "yourcompany-cert" and "/path/to/your/certificate.crt" with your companies certificate name and path. | + | |
| + | * In a terminal or command prompt, navigate to the directory located above and run the following command, while replacing "yourcompany-cert" and "/path/to/your/certificate.crt" with your companies certificate name and path. | ||
* <code>keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourcompany-cert -file /path/to/your/certificate.crt</code> | * <code>keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourcompany-cert -file /path/to/your/certificate.crt</code> | ||
| Line 35: | Line 38: | ||
==== Permanent Fix (Coming Soon) ==== | ==== Permanent Fix (Coming Soon) ==== | ||
| − | We | + | We hope to soon have a permanent solution that allows our application to automatically trust certificates from the system’s certificate store. This will eliminate the need for manual configuration in future versions. |
==== Need Help? ==== | ==== Need Help? ==== | ||
If you're unsure how to obtain or install your organization's certificate, please contact your IT or network security team. | If you're unsure how to obtain or install your organization's certificate, please contact your IT or network security team. | ||
| − | You may also contact our support team at | + | You may also contact our support team at designersupport@protocase.com for assistance. |
Latest revision as of 12:24, 15 July 2025
Contents
Network Requests Fail with Certificate Error (PKIX Path Building Failed)
Some customers may encounter the following error when using features in ProtocaseDesigner that make outgoing network requests:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
This error occurs when Java is unable to validate the SSL certificate presented by the server you're connecting to.
Cause
ProtocaseDesigner is packaged with its own embedded Java runtime (JRE). This JRE included a bundled certificate store (cacerts) that does not automatically include custom or system-installed certificates.
If your organization uses a custom internal certificate authority (CA) OR intercepts HTTPS traffic (e.g., via a proxy or firewall with SSL inspection), the Java runtime may reject the certificate because it doesn't recognize it as trusted.
Workaround
Until a permanent fix is available, you can resolve this issue by manually adding your organization's certificate to the Java runtime's certificate store bundled with our application.
Steps to Add a Custom Certificate:
1. Locate the Java cacerts file:
Windows:
-
C:\Users\<USERNAME>\AppData\Local\ProtocaseDesigner\runtime\lib\security\cacerts
MacOS:
-
Applications\ProtocaseDesigner.app\Contents\runtime\COntents\Home\lib\security\cacerts
Linux (DEB):
-
[AppInstallDir]/runtime/lib/security/cacerts
2. Import your organization's certificate:
- In a terminal or command prompt, navigate to the directory located above and run the following command, while replacing "yourcompany-cert" and "/path/to/your/certificate.crt" with your companies certificate name and path.
-
keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourcompany-cert -file /path/to/your/certificate.crt
3. Restart the application.
Permanent Fix (Coming Soon)
We hope to soon have a permanent solution that allows our application to automatically trust certificates from the system’s certificate store. This will eliminate the need for manual configuration in future versions.
Need Help?
If you're unsure how to obtain or install your organization's certificate, please contact your IT or network security team.
You may also contact our support team at designersupport@protocase.com for assistance.
