Symantec IGA

Hi all,

I have an AS/400 instance, which has a server certificate, issued by a root CA (so, 2 certificates in the chain).

I imported both certificates in 4 keystores:

1) windows keystores, using mmc - certificates - local machine - trusted root

2) java connector server cacerts, on JCS/jvm/lib/security

3) jdk cacerts

4) jre cacerts

also, i added both certs to the CS web console's certficitation tab.

(then restarted both CS and JCS).

Exception shown when I create endpoint is: SSLHandShakeException: pkix path building failed: CertPathBuilderException: Could not build a validated path.

is there some keystore else where I should place the server certificate?

The link to the product documentation on the OS400 certificate can be found at:

How to Secure Your Information (Optional) - CA Identity Management & Governance Connectors - CA Technologies Documentati… 

If you continue to have problems you may be best with opening a support case.

Hi all, it was a problem with OS/400 (about user permissions), on IDM side was correct. Thanks!

We saw this issue as well. Imported certificate into C:\Program Files (x86)\CA\Identity Manager\Connector Server\jcs\conf\ssl.keystore and it worked.

Ranga Vinjamuri