AnsweredAssumed Answered

Issue setting up SSL-MA

Question asked by Konfu on Nov 17, 2016



We need to set up SSL Mutual Authentication for a DevTest Soap and REST step calling the customer back-end. Our devTest server's certificate was issued by the customer from the customer (we have a .crt, .csr and .key).

We used openssl to create our java keystore (.jks) and have imported our public and private key in it.


We have also added the public certificate from our client (a .pem file ) to our keystore.


We have adapted the file on our DevTest server:



In the DevTest workstation we have created a test that calls the REST service, but we receive following error:

[   1] [SSL Handshake Summary] SEND TLSv1 ALERT:  fatal, description = certificate_unknown
[   1] [SSL Handshake Summary] PKIX path building failed: unable to find valid certification path to requested target


Can anyone help on how I can setup the SSL-MA?


I've looked around a lot and see all kinds of different things. The more I read the more questions I have :-(

  • Is the process that I followed correct?
  • Do we need to convert these keys or certificates to another format?
  • What are the exact commands to use with java keytool?
  • Do we need a keystore and a truststore?


I would like to document these steps afterwards, so it can be of help to anyone in the community.