Symptoms
Active Directory connection failure with error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Diagnosis
This can either be an invalid certificate or Saviynt application restart not done.
Causes for invalid certificate:
- If the certificate has expired.
- If you have installed a certificate, but application not restarted
- Root and intermediate certificates not combined and uploaded.
Solution
- Get the intermediate and root certificate from the Target Application SMEs.
2. Open the certs in a notepad, Copy the root certificate and add below the intermediate certificate file and saved it as .cer file.
3. The combined certificate needs to be loaded into Saviynt UI from certificate management section under Admin Function of Admin module. more details at https://docs.saviyntcloud.com/bundle/EIC-Admin-v2020x/page/Content/Chapter07-General-Administrator/C...
4. Perform a rolling restart of all the services under Admin>Admin Functions>Application Restart to reflect the certificate changes.
5. The newly uploaded cert can be selected in the SSL certificate drop down under the connection and you should be able to establish the connection for the domain controller.
