When invoking or exposing a web service, you're getting one of the following errors:
- The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
- PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The problem might be that:
- You're using an invalid certificate;
- The certificate wasn't issued by a trustworthy authority.
This happens with some frequency when integrating in non-productive environments, since the certificates installed on those environments are usually self-signed.
Navigate to the service URL using a browser, and check for certificate errors. The error message displayed by the browser should help you troubleshoot what's causing the error. If you don't see any certificate error on your local browser, repeat the test using a browser installed on the server with the problem.
The most frequent reasons for an SSL certificate validation to fail are:
- The hostname used in the URL doesn't match the name that's on certificate. Make sure the URL you're using and the URL on the 'Issued to' field of the certificate are the same;
- The certificate expired. Install a valid certificate, or contact the support of the system you're trying to integrate with;
- The Certificate Root Authority that issued the certificate is not trusted by the server. Make sure to Install the Root Certificate on the server;
- The certificate is self-signed. Make sure to Install the certificate as trusted.
Related forum discussions: