Hi All, I am accessing the F5 API from java, but I get the certificate error on the http request:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
But I have downloaded the certificate from the F5 portal and imported in the local java keystore.
sudo keytool -importcert -alias f5_api domain -file f5_api_com.crt -keystore cacerts
Still I get the above error. Please let me know if I am missing anything.
We have wildcard certs for our domains already installed on the F5s for traffic routing. We re-use those same certs for the device certs. All devices have the exact same wildcard cert installed. This means that hitting the UI gets the same publicly signed certificate as hitting traffic vips in that domain.
This bypasses the need to add certs to the clients, as the public certs are already trusted.
@TimRiker I have downloaded the SSL certificate and imported in my java keystore. Do I need to use the Device certificate as well?
@Chris_Thuys Also I am understanding your question, but can you help me with importing the issuer of the certificate. As I am confused in that process. Please let me know the steps if possible.
Can you provide the details of the device certificate you have used?
It can be found under System ›› Certificate Management : Device Certificate Management : Device Certificate
You should be able to find the issuer cert in the device certificate chain which can be found here: System ›› Certificate Management : Device Certificate Management : Device Certificate Chain
From there you can export it and then import to your JAVA CA repo.
I have downloaded the device certificate from the mentioned and imported inside the JAVA keystore.
Still I get the same error.
Please find the device certificate
I don't find anything under device certificate chain.
Can anyone please let me know the steps to be configured to access the API from Java with the SSL certificate installation in the JVM? I am confused with the steps and not sure if I am missing anything.
The steps I followed:
Assuming you are actually trying to access the API on the F5 you have provided screenshots for, then the certificate you require is the device certificate, not the certificate in traffic certificate management.
Install the device certificate from System ›› Certificate Management : Device Certificate Management : Device Certificate into your Java keystore to trust the self-signed certificate used by the F5 device itself.
I just found that I have changed the hostname from the CLI and that is not updated in the device certificate, which is giving the "hostname not verified" error. Please let me know how to update the hostname in the device certificate.
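Added example, not part of the thread above and not F5's own code: a small Java check for the two failures discussed here. It prints the names in the exported device certificate (the ones the JVM compares against the host in the URL), then connects using an in-memory trust store that holds only that certificate, so the result does not depend on which cacerts file the JVM actually loads. The class name F5TrustCheck, the alias f5_device and the two command-line arguments are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class F5TrustCheck {
    // Usage: java F5TrustCheck.java <exported-device-cert> <https URL of the management API>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // These names must cover the host part of the URL, otherwise hostname verification fails.
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println("SANs:    " + cert.getSubjectAlternativeNames()); // null if the cert has none
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println("Self-signed: " + selfSigned);

        // Trust store built in memory with this one certificate as the only trust anchor.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("f5_device", cert); // alias is an arbitrary label (assumption)
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Hostname verification stays enabled; only the set of trusted certificates changes.
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest req = HttpRequest.newBuilder(URI.create(args[1])).GET().build();
        HttpResponse<Void> resp = client.send(req, HttpResponse.BodyHandlers.discarding());
        // Any HTTP status (even 401) means the certificate path and hostname checks passed.
        System.out.println("TLS handshake OK, HTTP status " + resp.statusCode());
    }
}
```

If this succeeds while the application still reports "PKIX path building failed", the application's JVM is reading a different trust store than the one the certificate was imported into. If it fails with a hostname error, compare the host in the URL with the Subject and SANs printed above.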