WebSphere Application Server & Liberty

  • 1.  java.security.cert.CertPathBuilderException:

    Posted Fri March 12, 2021 06:03 PM

    Hello Team,

    We have added the certificates successfully in WebSphere server 8.5 under signer certificates for our dev and test environment server. While connecting to it, we are getting this exception, so we need help here.

    Caused by: java.sql.SQLException: [jcc][t4][2030][11211][4.21.29] A communication error occurred during operations on the connection's underlying socket, socket input stream, or socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

    java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is:

    java.security.cert.CertPathValidatorException: Certificate chaining error. ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499



    #Support
    #SupportMigration
    #WebSphereApplicationServer(WAS)


  • 2.  RE: java.security.cert.CertPathBuilderException:

    Posted Mon March 15, 2021 01:36 AM

    Just for reference, the configuration of how a connection to a database is done is completely up to the database driver. So any changes you make to the WebSphere Application Server's SSL configuration, like adding signer certificates to the WebSphere Application Server's truststore, will not affect how the database connection is handled, unless someone configured the database driver to use the same truststore as WebSphere Application Server. Depending on how that database driver (JDBC driver) is configured, it could rely on some defaults or specify everything, like protocol, truststore, ciphers, etc. If it relies on some defaults, then the default items like protocol etc. that would be set by WebSphere during the startup of the JVM could be in play, but a poorly written application deployed on WebSphere could also cause problems with defaults. For a possible fix, I would add the signer to the cacerts file for the JVM, and check the properties for the JDBC driver to see what truststore is configured.



    #Support
    #SupportMigration
    #WebSphereApplicationServer(WAS)
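
The reply above suggests checking the JVM's own trust defaults rather than the WebSphere signer list. The following is an added example, not code from the thread or from IBM: a small diagnostic that asks the JVM-default trust managers whether they contain the root named in the exception. The class name `DefaultTrustCheck` is hypothetical, and the result only applies when the JDBC driver is not configured with its own truststore.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class; run it with the same JVM and the same
// -Djavax.net.ssl.* options as the process that opens the Db2 connection.
public class DefaultTrustCheck {

    // Counts roots in the JVM-default trust managers whose subject DN contains `fragment`.
    static int countMatchingRoots(String fragment) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the JVM default: javax.net.ssl.trustStore if set,
        // otherwise the JRE's bundled file (cacerts).
        tmf.init((KeyStore) null);
        int matches = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                // getName() returns the RFC 2253 form, with no spaces after the commas.
                String dn = ca.getSubjectX500Principal().getName();
                if (dn.contains(fragment)) {
                    System.out.println("trusted: " + dn + " (expires " + ca.getNotAfter() + ")");
                    matches++;
                }
            }
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        // Default fragment is the issuer CN quoted in the exception text.
        String fragment = args.length > 0 ? args[0] : "CN=IBM Internal Root CA";
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore", "(unset: JVM built-in default)"));
        if (countMatchingRoots(fragment) == 0) {
            System.out.println("No trusted root matches '" + fragment
                + "'; a chain ending at that CA will fail PKIX path building here.");
            System.exit(1);
        }
    }
}
```

If the root is reported as trusted here and the connection still fails, the driver is most likely reading a different truststore, so the data source's custom properties are the next place to look.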


  • 3.  RE: java.security.cert.CertPathBuilderException:

    Posted Mon March 15, 2021 02:14 PM

    Thanks for responding with details. We have not deployed any application in WebSphere application yet; we just added the signer certificates and retrieved them also, and we are getting the exception when testing the Db2 connection:

    java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

    java.security.cert.CertPathValidatorException: The certificate issued by CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US is not trusted; internal cause is:



    #Support
    #SupportMigration
    #WebSphereApplicationServer(WAS)