oxd-server: Unable to find valid certification path to requested target

By: Michael Underwood user 11 Aug 2020 at 8:13 a.m. CDT

2 Responses
Michael Underwood gravatar
Hi, When following this tutorial https://www.gluu.org/docs/oxd/tutorials/python/ I am running into the below error: "error":"SSL handshake error","Error_description":"Unable to find valid certification path to requested target. Please check if keystore path in oxd configuration is correct." when running the command curl -k -X POST https://myGluuServer:8443/register-site --header "Content-Type: application/json" -d @data.json My oxd-server.yml file, keyStorePath variable is pointing to /opt/oxd-server/conf/oxd-server.keystore where my SSL certificate that I have created is stored. The data.json file is also stored within the same path as where the command is being run from. Any suggestions to remediate this issue please? Thanks Michael
CentOS 7.0
closed

Answers

By Arnab Dutta staff 12 Aug 2020 at 12:50 a.m. CDT

Copy
Arnab Dutta gravatar
Hi Michael, There are 2 ways to solve this issue 1. You can set `trust_all_certs` field to `true` in oxd-server.yml. Then restart oxd and test register-site. In this case, oxd will trust all certificates. 2. Or you can import Open ID provider (i.e. Gluu server) certificate in oxd trust-store (i.e oxd-server.keystore file). If the certificate or Certificate Authorities presented by the external OP server is not in our oxd truststore, we'll get an SSLHandshakeException and the connection won't be set up successfully. For #2 you may take reference of below link where `let's encrypt` ssl certificate was first added to Gluu server and then was add in truststore of oxd client. https://www.gluu.org/docs/oxd/install/#configuring-lets-encrypt-ca-trusted-certificates-in-gluu-ce-server-and-oxd Regards Arnab

By Arnab Dutta staff 12 Aug 2020 at 11:45 p.m. CDT

Copy
Arnab Dutta gravatar
Solution has been provided, hence closing the ticket.

Post an answer