java.security.cert.CertPathBuilderException: invalid certificate, key
identifier is missing from authority key identifier extension
and other java exception:
at com.ibm.security.cert.PKIXCertPathBuilderImpl.createCASelector(Unknown Source)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(Unknown Source)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
These java exceptions and path build failure are resulted from the customer 's Intermediate certificate i.e "iLienTestVersignSecureServer Certificate.cer" doesn't have "key identifier" in the"authority key identifier extension".
Resolving the problem
The APAR fix "PK33715: SUPPORT VERISIGN CERTIFICATES THAT HAVE NO AKI EXTENSION" will resolve the issue and which is part of IBM JDK SR7.
Users should upgrade the WPG level to Fix Pack 5 which will upgrade the JDK to 1.4.2 SR 5 and also the WAS level to 126.96.36.199. Then, later please ask the customer to upgrade the JDK to SR7
The below instruction to upgrade the JDK to SR7 after applying the WPG Fix Pack 5.
Note : Please follow the below instructions only after applying the WPG Fix Pack 5
Applying SR7 on top of JDK 1.4.2 SR5,
Steps to apply the fix
1) Stop all the components of WPG, namely console, receiver and router,
before applying this JDK level fix.
2) Ensure that there is enough disk-space to apply this fix (you would
need close to 300MB, while applying this fix)
3) Download the update installer from below link, if its not available.
Typically customers won't have this file, unless they have applied a JDK
level fix, previously
The exact updater would depend upon the the type of OS and the system
For Linux 32 bit OS intel, the file is => updi.6000.linux.ia32.tar
Untar the "updi.6000.linux.ia32.tar" to the same Install root location
as your WAS directory which is being used by WPG hub. e.g. If WPG hub is
installed in "/opt/IBM/WPG/bcghub/" then untar the file
"updi.6000.linux.ia32.tar" in "/opt/IBM/bcghub/was".
4) After untarring you would get another folder under WAS, namely,
5) Download the SR7 from the following location
The exact SR7 file would depend upon the the type of OS and the system
For Linux 32 bit intel, the file is
6) Move the downloaded iFIX "6.0.0.X-WS-WASJavaSDK-LinuxX32-IFPK36145.pak" for the above PMRs to the below stated folder '/opt/IBM/WPG/bcghub/was/updateInstaller/maintenance"
7) Run the Update Installer (update) present under this updateInstaller
folder to launch the GUI
8) Click Next to continue on the Welcome panel.
9) Make sure the directory name listed for the product installation is
correct and click Next
10) Select the 'Install maintenance package' radio button and click Next
11) Make sure the path listed points to the proper iFix package to be
applied to the product and click Next
12) Click Next to begin copying the JRE to the updateinstaller directory.
13) Click Relaunch to restart the Update Installer with the JRE copied
to the updateinstaller directory.
14) The path to the maintenance package is displayed. Note: The wizard
will remember all values from the previous launch. Click Next to continue
15) Click Next to begin applying the Refresh Pack
16) Click Finish to complete the installation.
17) In case of shortage of disk-space, delete the updateinstaller
directory (e.g. /opt/IBM/bcghub/was/updateinstaller). This will save
149M of disk space.
18) Now go to "/opt/IBM/bcghub/was/java/bin" and check the version of the JDK installed. You can do this by giving the command "./java -version" The version should be SR7,
Something like, java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
Classic VM (build 1.4.2, J2RE 1.4.2 IBM build cxia32142-20061124
(SR7) (JIT enabled: jitc))
19) Start the components of WPG
|Business Integration||WebSphere Partner Gateway - Express||6.0.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124||All Editions|