SSO error failed to establish trust with server at [login.microsoftonline.com]

krzychohoho · January 11, 2024, 12:48pm

Hi, I came across a problem recently and I need urgent help. The machine that was running Elasticsearch was restarted and now the service will not run. The error is:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388) ~[?:?]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271) ~[?:?]
        at sun.security.validator.Validator.validate(Validator.java:256) ~[?:?]

What is causing this issue? It was running before and now it is dead so why did SSO just behave like that?

Thank you in advance.

yago82 · January 12, 2024, 9:53pm

Hi,

The error message indicates a problem with the certification path, which might be related to the Java truststore. Verify that the SSL certificate's root CA is present in the Java truststore. You may need to import the CA certificate into the truststore using the keytool command.

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias your_alias -file /path/to/your/ca_certificate.crt

Replace your_alias with a unique alias and provide the correct path to your CA certificate.

Regards

krzychohoho · January 17, 2024, 11:09am

Yeah, but it had worked for 2 years before the reboot and I had a functioning SSO with SAML. What CA should I import into trustore?

system · February 14, 2024, 11:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.