Introduction

Data that is imported from external websites needs to be from a secure endpoint. When an import activity from an external website fails it is good to run this activity in debug mode and check the additional Debug logging.

It can happen that you see a PKIX error.

02-04-2025 14:34:26 DEBUG - PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetPKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetPKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

PKIX errors are typically related to certificates that are used when authenticating with an endpoint. This issue happens when your local computer or server attempts to connect to the cloud/internet and the security certificates in your local computer keystore do not match the certificate(provider) of the website. You will have to add the certificate of the website to a local client keystore file "client.truststore".  The following steps guide you in making such a local "client.truststore" file from the website that you use to import data from.

Make sure the website is secure!

For certificates via URL

This method can be used to create/update your client.truststore with the certificate(s) that are required for accessing a certain website/API.

  1. Open your Delft-FEWS Stand Alone application
  2. Press F12 to open the debug menu
  3. Select > Convert > Convert https  server certificates to client.truststore
    1. Pop up shows to fill in URL
  4. Fill in the URL including https://
  5. Delft-FEWS will make a client.truststore file in the Region home folder

NOTE: this method will never be able to add a root certificate to your truststore, as these should already be installed on your laptop/server. If you want to add a root certificate to your client truststore, please follow the steps in the next section. This also holds for self-signed certificates.

For root and self-signed certificates

Google Chrome / Edge

  1. Right-click the page and select Inspect.
  2. Select the Security tab. Tip: If this tab is not visible, select the >> for a drop-down menu (+ for Edge).
  3. Select View Certificate.
  4. In the window that opens, select the Details tab.
  5. Select Export to file. You will be prompted to select an export format. Export to a file $$$.cer

Delft-FEWS Stand Alone

  1. Open your Delft-FEWS Stand Alone application
  2. Press F12 to open the debug menu
  3. Select > Convert > Convert Certificate to clientConfig.keystore.
  4. Select the $$$.cert that you stored (From 2025.01, Delft-FEWS convert supports $$$.crt, $$$.cer as well)
  5. Delft-FEWS will make a client.truststore file in the Region home folder

See also WIKI page: ClientConfig XML File for Operator Client and Forecasting Shell Servers - 2021.02 and later#truststore

Once the client.truststore file is created, restart your Delft-FEWS Stand alone and check if you can import the data again. If you succeeded, make sure the client.truststore file is also copied to your Forecasting Shell Servers.



  • No labels

Disclaimer