Hi , I have a question regarding the PDC certificate.
I have already followed the guideline for Installing SSL certificates and placed the PDC certificate into our truststore.
when i run connectivity test and see pega log “ERROR- com.pega.pegarules.pub.services.ConnectorException: Caught unhandled exception: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
I assume this means the certificate was not properly configured on our local machine. Can you advise on how I can solve this issue?
Thank you.
@MohdNurHaizhamS17111026 I entered your issue in our new MSP GenAI Support Buddy:
Suggestion:
Solution Steps### 1. Download the Root CA Certificate (if not already done)
While you mentioned that you’ve already placed the PDC certificate into your truststore, the error suggests that either the certificate wasn’t imported correctly or you might be using the wrong certificate. Pega strongly recommends using the Root CA certificate rather than the pegacloud.com certificate since:
- The pegacloud.com certificate renews annually, requiring manual updates each year
- The Root CA certificate remains valid until 2039
If you need to redownload the certificate, follow these steps:
- Log into PDC
- In Google Chrome: Click the three vertical dots > Settings > Privacy and security > Security > Manage Certificates > Trusted Root Certification Authorities tab > Select the “PEGAROOTCA” certificate > Export
- In Firefox: Click the three horizontal lines > Settings > Privacy & Security > Scroll to Security section > Under Certificates, click “View Certificates” > Authorities tab > Select the “PEGAROOTCA” certificate > Export
2. Import the Certificate into JVM Truststore
The most common reason for this error is that the certificate wasn’t properly imported into the JVM truststore. Use the keytool utility to import it correctly:
keytool -importcert -file "<Path to SSL certificate>" -keystore "<Path to JVM truststore file>" -alias "pegaRootCA"
Where:
<Path to SSL certificate> is the location of your downloaded Root CA certificate<Path to JVM truststore file> is the location of your JVM’s truststore file (typically found at $JAVA_HOME/lib/security/cacerts or similar location)"pegaRootCA" is an alias to identify this certificate in your truststore
You’ll be prompted for the truststore password (the default is often “changeit” unless your organization has changed it).
3. Verify Proper TLS Ciphers
PDC requires specific TLS ciphers for connection. Ensure your system uses one of these:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
4. Restart Your Application Server
After importing the certificate into the truststore, restart your application server for the changes to take effect.
5. Verify Connection
Run the connectivity test again to verify that the SSL handshake error is resolved.
If you continue to experience issues, please let me know more details about your environment, such as:
- The specific application server you’re using (Tomcat, WebSphere, JBoss, etc.)
- The Java version
- Whether you’re using a custom truststore configuration
References:
If the above does not help, please log a support incident via the MSP.
