We are using an OpenFire server, and Spark. We had OpenFire generate the CSR, and then subsequently took the CSR and went to our internal OpenSSL-based CA and issued certificates for OpenFire. We then added the response to the OpenFire system page, and it recognized the certificates as “CA Signed”. Just for kicks, we also added our internal CA to the truststore.
HOWEVER, we are getting the following problem in our logs from the Spark 2.8 client we are using:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This looks like it’s failing to create the certificate path properly. The Windows system store contains the CA certificate as a trusted CA cert. However, Spark still fails to verify this.
How do we fix this problem so we can use the internally-signed CA certificate for our LAN/network for the chat system?
Note that our internal CA doesn’t have any intermediate certs - to validate the cert it only has to go up one step in the chain to ‘validate’ the CA root cert.