We are currently trying to consume a soap web service exposed on a CastIron.
This WebService has a security certificate which does not allow us to communicate.
The certificate is signed by Symantec.
When there is no certificate active for the endpoint we consume, it works with no problem.

But when the certificate is active, while there is no problem calling the service from SOAPUI, when calling from SF we are receiving the following error message:
11:24:30.0 (325656624)|EXCEPTION_THROWN|[23]|System.CalloutException: IO Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 11:24:30.0 (537301785)|FATAL_ERROR|System.CalloutException: IO Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

We are wondering if there is any extra configuration required we are missing. So far we have:
1. Add the remote site configuration where the endpoint is.
2. We use the correct endpoint URL, pointing to the https and 443 port.

We have done nothing about the certificate on SF side.
We do not understand if there is any configuation required concerning the intermediate certificate.
It is not clear to us if there is any further configuration required.

Please let me know what is missing or any documentation which explains very well what is required.
This is the documentation we have been using so far:
https://krishhari.wordpress.com/2012/02/06/making-authenticated-web-service-callouts-from-salesforce-to-ibm-cast-iron-using-sslcertificatespart-ii/
https://krishhari.wordpress.com/2012/02/06/making-authenticated-web-service-callouts-from-salesforce-to-ibm-cast-iron-using-sslcertificatespart-ii/

 

We are currently trying to consume a soap web service exposed on a CastIron.
This WebService has a security certificate which does not allow us to communicate.
The certificate is signed by Symantec.
When there is no certificate active for the endpoint we consume, it works with no problem.

But when the certificate is active, while there is no problem calling the service from SOAPUI, when calling from SF we are receiving the following error message:
11:24:30.0 (325656624)|EXCEPTION_THROWN|[23]|System.CalloutException: IO Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 11:24:30.0 (537301785)|FATAL_ERROR|System.CalloutException: IO Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

We are wondering if there is any extra configuration required we are missing. So far we have:
1. Add the remote site configuration where the endpoint is.
2. We use the correct endpoint URL, pointing to the https and 443 port.

We have done nothing about the certificate on SF side.
We do not understand if there is any configuation required concerning the intermediate certificate.
It is not clear to us if there is any further configuration required.

Please let me know what is missing or any documentation which explains very well what is required.
This is the documentation we have been using so far:
https://krishhari.wordpress.com/2012/02/06/making-authenticated-web-service-callouts-from-salesforce-to-ibm-cast-iron-using-sslcertificatespart-ii/
https://krishhari.wordpress.com/2012/02/06/making-authenticated-web-service-callouts-from-salesforce-to-ibm-cast-iron-using-sslcertificatespart-ii/