Bootstrap FreeKB - IBM WebSphere - Resolve "IBMCertPathBuilderException unable to find valid certification path to requested target"
IBM WebSphere - Resolve "IBMCertPathBuilderException unable to find valid certification path to requested target"

Updated:   |  IBM WebSphere articles

Let's say the following is in the HPEL or SystemOut log of one of your WebSphere application servers.

IBMCertPathBuilderException: unable to find valid certification path to requested target


This typically occurs when you have deployed an application to a WebSphere application server and the application is attempting to make a secured connection to a remote system. When an application running in an application server on WebSphere attempts to established a secured connection to a remote system, the application will present the certificates in the trust store being used by WebSphere to the remote system. If the remote system trusts one of the certificates being presented, the SSL handshake should be established. 


In this scenario, there will be a certain certificate that will be used to make a secured SSL connection to the remote system, and the certificate can be obtained and imported into the truststore being used by the WebSphere application server.

  1. In the WebSphere admin console, expand Security and select SSL certificate and key management.
  2. Select key stores and certificates.
  3. Select NodeDefaultTrustStore.
  4. Select Signer certificates.
  5. Select Retrieve from port.
  6. In Host, enter the hostname of the remote system.
  7. In Port, enter the port that is used to connect to the remote system.
  8. SSL configuration for outbound connection will almost always be NodeDefaultSSLSettings.
  9. Alias can be anything you want, typically the alias of the certificate.
  10. Select Retrieve signer information.

If the remote system is able to provide the certificate that should be used to provided a secured connection, the certificate should be displayed. In this scenario, select OK to add the certificate to the NodeDefaultTrustStore.

Be aware that if the application deployed to WebSphere is configured to use a trust store that does not contain a certificate that can be used to establish the SSL handshake, this can cause the error to be returned. For example, a Java application could contain the following to use a certain trust store.

System.setProperty("", "/path/to/truststore");


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter c46128 in the box below so that we can be sure you are a human.