How to clear the error “sun.security.validator.ValidatorException: PKIX path building failed” in oracle apps

We installed SSL over https by using the following note id –  Using the Oracle Wallet Manager Command Line Interface in Oracle E-Business Suite Release 12 [ID 376694.1]

As part of this SSL implementation, we used a self-signed certificate and the implementation details are as follows-

cd /d01/VISR12/inst/apps/VIS_oraclevision/certs/Apache
–check the cwallet.sso ewallet.p12
$ORACLE_HOME/bin/orapki wallet create -wallet . -auto_login -pwd welcome1
$ORACLE_HOME/bin/orapki wallet add -wallet . –dn “CN=*,OU=vision,O=e-three,L=London,ST=UK,C=UK”
-keysize 1024 -self_signed -validity 3650 -pwd welcome1
CONTEXT FILE CHANGE:
cat $CONTEXT_FILE | grep https
<externURL
oa_var=”s_external_url”>https://<URL>*</externURL&gt;
<url_protocol oa_var=”s_url_protocol”>https</url_protocol>
<local_url_protocol
oa_var=”s_local_url_protocol”>https</local_url_protocol>
<login_page
oa_var=”s_login_page”>https://<URL>*</login_page&gt;
<httpslistenparameter
oa_var=”s_https_listen_parameter”>443</httpslistenparameter>
<webentryurlprotocol
oa_var=”s_webentryurlprotocol”>https</webentryurlprotocol>

Note – Replace <URL>* with a valid URL of your’s.
After we installed SSL, we had issues in our Integrated SOA responsibility, when we required to Deploy the Webservices and/or to view the WSDL’s which were already generated. The following are the error details.

STEPS

The issue can be reproduced at will with the following steps:
1. Implement (self-signed certificate) SSL
2. Attempt to Generate/VIEW WSDL
3. ERROR occur
Steps_to_replicate_the_WSDL_issue

ERROR

Warning
Service Provider Access is not available. You may not be able to see complete information about the service. Please view Service Provider logs for more details.
Service Provider Access resulted in exception ‘oracle.apps.fnd.soa.util.SOAException: SystemError: Error while sending message to server. sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target’ when attempting to perform ‘GETSOAPWSDL’. Please view Service Provider logs for more details

Solution

1. Verify if the latest patches are available in the Instance
2. Import the certificate into the keystore of jre as a trusted certificate and this should resolve the error

Location example – /d01/VISR12/apps/tech_st/10.1.3/appsutil/jdk/jre

Reference
Follow this page for more information.