Hi. I have a java application that interfaces our IBM I based warehouse system with an internet shipping service. I am an RPG developer, not a Java developer, so a lot of this is new to me.
I wrote the Java application a couple of years ago. I initially wrote the application using the trial version of Rational Developer for i. I deployed the application by manually copying the classes from my PC workspace to a directory on the IFS. The classes are called by a CL program. I replaced Rational Developer for I with Eclipse when I replaced my workstation a couple of years ago. I’ve been using Eclipse since then to make changes to the Java application.
Since Friday morning (02/21), the application is throwing this certificate chaining error:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException:
The certificate issued by CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US is not trusted;
internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error
I traced the issue to the part of my code that downloads the shipping label from the web via HTTPS. The code successfully downloads the label file when I run it in Eclipse in Windows. It does not work when run on the IBM I.
It appears that I need to update a certificate on my IBM I. I checked the Digital Certificate Manager. I do not see the certificate with that address in the DCM. All the certs in the DCM either expired years ago or are not expired.
I’ve seen Webphsere mentioned in similar issues, but I never installed or used Websphere server on a workstation. Webshphere is installed in the licensed programs on our IBM I, however.
Is there a way to update the certificate without using Websphere?
Any assistance on this issue would be greatly appreciated.
Thank you,
S Kristant