PKIX path validation failed with AS2 in 3.0.2 #180

Closed
mganeshs opened this issue Oct 5, 2014 · 5 comments

mganeshs commented Oct 5, 2014

Hi, we are getting the following error. It works fine with START. But only in AS2. Do we need to configure something different for AS2?

java.lang.IllegalStateException: Unexpected error during execution of http POST to https://peppolap.everbinding.nl/as2: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.

Contributor

teedjay commented Oct 5, 2014

AS2 verifies the certificate chain of the receiver, and it seems your SSL/TLS certificate expired a few days ago.


Contributor

teedjay commented Oct 6, 2014

I'm closing this issue, the SSL certificate needs to be valid and you have to include any intermediate certificates in the chain.

The "troubleshooting" section has been updated with some more info about this:
https://github.com/difi/oxalis/blob/master/README.md

Good luck :)

teedjay closed this as completed Oct 6, 2014
Author

mganeshs commented Oct 6, 2014

Hi Thore,

We have upgraded to a valid certificate, and all intermediate certificates are available in the certificate path (as suggested in issue #173).

But we still get the same problem.

Do we need to add the root and intermediate certificates to the Java keystore of our JVM?

Contributor

teedjay commented Oct 6, 2014

You do not need to add any certs to your JVM. You only need to replace the SSL certificate on your web server (or load balancer / proxy) with a new and valid one from a well-known trusted CA.

You also need to include any intermediate certs.

Seems like your URL is offline right now so I was unable to verify, but there are several online versions available, like this: https://www.digicert.com/help/

teedjay reopened this Oct 6, 2014
Contributor

klakegg commented Oct 6, 2014

The chain is not complete - make sure to provide intermediate certificate (see "Extra download").
https://www.ssllabs.com/ssltest/analyze.html?d=peppolap.everbinding.nl&hideResults=on

klakegg closed this as completed Oct 6, 2014
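
The two conditions named in this thread (an expired server certificate and a missing intermediate), reproduced as an added example that is not part of the original discussion or of the Oxalis project: it builds a constructed root, intermediate and leaf with `openssl` and validates the leaf with only the root trusted, which is why the client needs no extra certificates when the server sends the full chain. All names (`Constructed Root`, `ap.example.test`, the file names) are made up, and `openssl` 1.1.1 or later on the PATH is assumed.

```shell
#!/bin/sh
# Constructed PKI (all names invented): root -> intermediate -> leaf.
WORK=$(mktemp -d)

build_chain() (
  cd "$WORK" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate the client trusts.
  openssl req -config pki.cnf -x509 -extensions ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.pem -subj "/CN=Constructed Root" -days 365 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -keyout int.key -out int.csr -subj "/CN=Constructed Intermediate" 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 \
    -extfile pki.cnf -extensions ca -days 365 -out int.pem 2>/dev/null
  # Server (leaf) certificate, signed by the intermediate, valid for 30 days.
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -keyout leaf.key -out leaf.csr -subj "/CN=ap.example.test" 2>/dev/null
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -set_serial 3 \
    -extfile pki.cnf -extensions leaf -days 30 -out leaf.pem 2>/dev/null
)

# Validate the leaf with only the root trusted; extra args go to `openssl verify`.
check_leaf() {
  if out=$(openssl verify -CAfile "$WORK/root.pem" "$@" "$WORK/leaf.pem" 2>&1); then
    echo ok
  else
    case "$out" in
      *"certificate has expired"*) echo expired ;;
      *"unable to get local issuer certificate"*) echo incomplete-chain ;;
      *) echo other ;;
    esac
  fi
}

build_chain
future=$(( $(date +%s) + 60 * 86400 ))  # 60 days ahead, past the leaf's notAfter
echo "server sends leaf only:         $(check_leaf)"
echo "server sends leaf+intermediate: $(check_leaf -untrusted "$WORK/int.pem")"
echo "same chain, 60 days later:      $(check_leaf -untrusted "$WORK/int.pem" -attime "$future")"
```

Here `-untrusted` stands in for the intermediate that the server sends in its TLS handshake: it is used to build the path but is never itself a trust anchor.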