Certificate not working while using on Java APIs


#1

We are using three domains, and each domain is configured with an individual Let's Encrypt certificate (done manually and copied the key).

Login to our application named (https://app.geo.com) works by communicating with another domain (https://m-app.geo.com) using a Java WSO2 API (https://api.geo.com).

Until now we have been using an SSL wildcard certificate for *.geo.com, and it was working fine.

Yesterday, for each of these three domains, we generated a Let's Encrypt certificate manually, and when accessing them through browsers it shows the correct SSL. But when we try to log in to the application we get an error:

OPTIONS https://api.geo.com/api/pw/user/login.json/1.3.1
XMLHttpRequest cannot load https://api.geo.com/api/pw/user/login.json/1.3.1. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://m-app.geo.com' is therefore not allowed access. The response had HTTP status code 500.

There is no issue with CORS. No error is reported in the error log, but while checking the WSO2 Java console we get this error:

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We also tried generating one certificate for all these domains and checked, but we are still getting the same error.

Can anyone please help us with it?

Thanks


#2

Java doesn’t include the DST root or the ISRG root in its CA stores currently. If you control the server running the Java application, you can add the root to the correct store and all will be well.
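A diagnostic for the situation described in the reply above, as an added example that is not part of the original posts: it lists the trust anchors a JVM or a given trust store file actually holds, and checks whether a specific root certificate is among them. The class name, the substring filter, and the arguments (`java TrustAnchorCheck [root.pem [truststore [password]]]`) are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import javax.net.ssl.*;

public class TrustAnchorCheck {
    // Certificates the store trusts; ks == null selects the JVM's default trust store.
    static X509Certificate[] anchors(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks = null;
        if (args.length > 1) { // explicit trust store file instead of the JVM default
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[1])) {
                ks.load(in, args.length > 2 ? args[2].toCharArray() : null);
            }
        }
        X509Certificate[] trusted = anchors(ks);
        System.out.println("Trust anchors loaded: " + trusted.length);
        for (X509Certificate c : trusted) { // report the two roots named in the reply (assumed substrings)
            String dn = c.getSubjectX500Principal().getName();
            if (dn.toLowerCase(Locale.ROOT).matches(".*(isrg|dst root).*")) {
                System.out.println("  present: " + dn);
            }
        }
        if (args.length > 0) { // exact match against a root supplied as PEM or DER
            X509Certificate root;
            try (InputStream in = new FileInputStream(args[0])) {
                root = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            boolean found = Arrays.asList(trusted).contains(root);
            System.out.println(root.getSubjectX500Principal().getName()
                + (found ? " is trusted" : " is NOT in this trust store"));
        }
    }
}
```

Run it with the same Java installation the application uses, since each installation carries its own trust store and an application server may be configured to use a separate trust store file.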


#3

Thanks… Able to fix the issue by adding the certificate to the keystore of WSO2.