Code(-9205) Error in vnd.nds.stream - PKIX path building failed
This document (7022364) is provided subject to the disclaimer at the end of this document.
Identity Manager 4.6
DirXML Log Event
Message: Code(-9205) Error in vnd.nds.stream://VAULT/TEST/DRIVERSET/DRIVER/Publisher/POLICY#XmlData:133 : Couldn't request assignment of role: '<Role DN>' to identity: '<User DN>': com.novell.nds.dirxml.soap.UserAppClientException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The typical path for the cacerts for this JRE is located at the following in Linux: /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts. Consider the following steps:
- Determine which certificate is being used by UserApplication by checking the certificates located at /opt/netiq/idm/apps/jre/lib/security/cacerts. You can get a list of all the certs with the following command: keytool -list -v -keystore cacerts
- From here - if you have access to that same cert, just import it into the IDM Engine cacerts. If you don't have access to it, you can export it from the UserApplication cacerts, and then import it into the IDM Engine cacerts.
- To import, use the following command: keytool -import -alias <newalias> -keystore cacerts -file certificate.der
Once you've setup the IDM Engine cacerts with the certificate used by the UserApplication cacerts, restart eDirectory, and then test the driver again.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7022364
- Creation Date:20-NOV-17
- Modified Date:20-NOV-17
- NetIQIdentity ManagerIdentity Manager Roles Based Provisioning Module
Did this document solve your problem? Provide Feedback