Hello Mohan,

> -----Urspr=FCngliche Nachricht-----
> Von: Mohan T <Mohan.T@ramco.com.INVALID>
> Gesendet: Montag, 27. Juni 2022 08:18
> An: Tomcat Users List <users@tomcat.apache.org>
> Betreff: Help Needed
>=20
> Dear All,
>=20
> We have deployed a application in tomcat 8.5  and  while accessing
>=20
> http://sebswarcnv08.ramco:8081/samldemo-0.0.1-SNAPSHOT/hello
>=20
> Error retrieving metadata from https://dev-
> 67198606.okta.com/app/exk5htsyx3S4UcaHA5d7/sso/saml/metadata
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to fin=
d
> valid certification path to requested target
>=20
> Kindly  help us in overcoming thie.
>=20
> Thanks
>=20
> Mohan

The target server uses SSL. The server therefore has a private key and the =
client must have the corresponding public key.
The error message tells, that your client doesn't have the public key and t=
herefore doesn't trust the servers private key.
Usually the private key is signed by a certificate authority or for develop=
ment it can also be self-signed.
Check the "certificate tree" in the browser to check which party has signed=
 the private key and get the public key of the root certificate.
This public key must be imported into the java truststore.

Here is an example of that tree / chain of trust: https://i.stack.imgur.com=
/julIO.png=20

Greetings, Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org