Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Quick Launch

Average Rating:

(1 Rating)
facebook Twitter
Print Bookmark Alert me when this article is updated


ERROR: "PKIX path building failed: unable to find valid certification path to requested target" while starting DIS in Tomcat.log
Problem Description
Data Integration Service is stuck in Starting Upstate and the following error message is seen in the Tomcat.log:

Caused by: PKIX path building failed: unable to find valid certification path to requested target
New certificate needs to be added in cacerts file.
Steps to import certificates to Agents java cacerts : “{AgentInstallDir}\jre\lib\security\cacerts”.

1. Unzip the attached certificate file 
2. This will give you digi.cer file.
3. The certificates can be imported by using the keytool command (available under {AgentInstallDir}\apps\jdk\1.8.0_202\jre\bin) with the below syntax:

Go to the directory : cd {AgentInstallDir}\apps\jdk\1.8.0_202\jre\bin  for ex:

 keytool -import -trustcacerts -storepass <password_for_certificate> -alias <alias_name> -file <full_path_with_certificate_filename> -keystore <full_path_to_cacerts_file> -v

4. Before running this command please take backup of cacerts file present in the directory {AgentDir}\java\jre\lib\security\.


For Windows Agent :
 keytool -import -trustcacerts -storepass changeit -alias DigiCert1 -file C:\digi\digi.cer -keystore ..\lib\security\cacerts -trustcacerts
For Linux Agent:
keytool -import -trustcacerts -storepass changeit -alias DigiCert1 -file /tmp/digi.cer -keystore ../lib/security/cacerts -trustcacerts
If you want to import more than one certificate, then you need to provide different/unique alias names in the -alias option of the above command.
5. Re-start the Agent. 

Note: The issue is seen in two scenarios. 

1. Custom Truststore is used instead of default cacerts.
2. System Java is used instead of Agent Java.

More Information
Steps to download the DigiCert or any other certificates from IICS : 
1. Go to Informatica Cloud Url (Ex: Google Chrome or any other browser. Make sure that the website's address begins with HTTPS, and that a lock icon appears in the Address bar.


 2. Click the lock icon and then click View certificates to view the certificate used to encrypt the webpage.
 3. In the Certificate Wizard, navigate to the Certification Path tab and select DigiCert.


4. Refer the following kb to download & import certificate:
Applies To
Product: Cloud Data Integration
Problem Type: Security
User Type: Architect; Developer
Project Phase: Implement
Product Version:
Operating System:
Other Software:

Last Modified Date:10/9/2019 9:11 PMID:527461
People who viewed this also viewed


Did this KB document help you?

What can we do to improve this information (2000 or fewer characters)