You need to sign in to do that
Don't have an account?
adreamer
callout exception : PKIX path building failed
Hi all,
In the process of making a callout to an external server from an Apex webservice, using the HTTP class
and to an end point of the type https, I get the following exception from Sales Force server:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Does somebody know what this is ?
Thanks in advance,
Fernando
Thank you very much for your response.
Unfortunately I do not own the external server, and the people who owns it have not been very responsive/professional, so I am a bit stacked with it.
I understand what you are saying, but since this is an area where I do not have much knowledge/experience, I would appreciate if you could shed some light into a few questions, with the view to learn and go down to the bottom of it.
I am here sending the code of the web service (pseudo code, I have changed a few names to protect the innocent) to be able to refer to it with more specific questions. Perhaps the issue is that I do not know enough to ask the proper questions.
The code is as follows:
webservice static String testExternalServer(){
String retValue = null;
try {
// create the HTTP Request
HttpRequest req = new HttpRequest();
req.setEndpoint(' https://stage-api.opa.com:7443/ws_gateway/opaAPI/v/1/0');
req.setMethod('POST');
// set the SOAPAction in the header
Blob headerValue = Blob.valueOf( 'SOAPAction: GenerateWebLink' );
String soapActionHeader = EncodingUtil.base64Encode(headerValue);
req.setHeader('SOAPAction', soapActionHeader);
// set the client certificate
String certificate = 'MIICfDCCAeWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx'+
'EzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAcTBklydmluZTEYMBYGA1UEChMP'+
'SGlyZVJpZ2h0LCBJbmMuMRIwEAYDVQQLEwlIaXJlUmlnaHQxIDAeBgNVBAMTF3N0'+
'YWdlLWFwaS5oaXJlcmlnaHQuY29tMB4XDTA4MDQwODAwNDMyMloXDTE4MDQwNjAw'+
'NDMyMlowgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQ8wDQYD'+
'VQQHEwZJcnZpbmUxGDAWBgNVBAoTD0hpcmVSaWdodCwgSW5jLjESMBAGA1UECxMJ'+
'SGlyZVJpZ2h0MSAwHgYDVQQDExdzdGFnZS1hcGkuaGlyZXJpZ2h0LmNvbTCBnzAN'+
'BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsjC8/RyuUC/7M7ROXr3KAKyws0uJEqv/'+
'T3ZIk3t/qg2XEocvLjhqbo6Uf7pOQzYeBSmUbHFQkNeiBF9sycEmYnyudVxCck12'+
'afS2eHEy/aUUYRJiIMO0MaTvTSSrmfvXMUc3X0F+AdvUACwP/n3J7uN7phF8lxPZ'+
'+0hHQkSvCP0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBjgmClQ7f96EYlNo+QKeE5'+
'wf5ipSem3zWO/csVkDNn4xV90mpZ6tQIvK9nhsDaAGC7fBPRmsou4u10nINvo1Lw'+
'5ITjAcfpoGuSgyI2Mbpae7BlOk9sqKa5/oghm6QouJ5Eew+pjJd6NqGBCCQOxkWB'+
'UKJuk+JIaelgb/pIS4LgJg==';
req.setClientCertificate(certificate,'');
String soapMsg = 'here goes the SOAP message';
req.setBody(soapMsg);
// create an HTTP object and use it to send the request
Http http = new Http();
HTTPResponse res = http.send(req);
String resBody = res.getBody();
retValue = resBody;
System.debug('The response from External Server is --> '+resBody);
}
catch(Exception e)
{
System.debug('Exception calling External Server -->'+e.getMessage());
}
return retValue;
}
The exception I have got and that I sent in my original post comes from the catch block. That lead me to believe that there was an issue with Sales Force server as that the message did not even leave Sales Force server to the other side.
From what you are saying, I understand now that Sales Force server is trying to handshake with the external server, it is founding an issue with the certificate, and then it throws that exception. Is this interpretation correct ?.
The people that own the external server were quite economical with the instruction from the beginning. For instance, we did not know that we needed to use certificates. We found that out of an exception we got (this time from their server as was coming through the SOAP response from them).
This has been quite frustrating because it is like flying blind. The latest is that they say that the exception we have got is from Sales Force sever and has nothing to do with theirs. I would need to educate myself a bit more before I can proceed with this. Can you point me out to some documentation that would put me in a position that I have a better grip of what is going on ?.
Thank you very much again !
Fernando
Did you ever sort this out? We have been getting various errors. Origially I was using wsdltoAPEX, but that doesn't seem to be working...Your method seems to get us closer, but I cannot figure out how to include login credentials in the header. Did you do something similar?