Hitachi Vantara Pentaho Community Forums
Results 1 to 3 of 3

Thread: Not able to access Pentaho Web Service over SSL from Java application (Salesforce)

  1. #1
    Join Date
    Sep 2017

    Default Not able to access Pentaho Web Service over SSL from Java application (Salesforce)

    Hi all,

    I configured the domain SSL with Pentaho Carte Server using the following document "".

    I generated the .JKS file using keytool and include the path and keystorepassword in config file. Also I added the domain SSL certificate to cacerts.

    when tried to reach the following endpoint over HTTP request from Salesforce/Java Applicatin I am getting the following error "EXCEPTION: System.CalloutException: PKIX path building failed: unable to find valid certification path to requested target."

    Also, I am able the see the certificate chain and Green Lock symbol in browser. It means Certificate is valid/OK.

    Did I missed any thing ? Please help me in solving this issue. This is priority for us.


  2. #2
    Join Date
    Sep 2017


    Can some one help me on this issue. I struck here.

  3. #3


    Off-hand, it sounds like Salesforce can't verify the SSL certificate that you're using. It could be caused for a few different reasons.

    1. You are using a self-signed certificate.

    This can happen if you created a self-signed certificate, or used your company's internal CA to generate the certificate. A quick way to test this is to use a computer that's not associated with your corporate environment to connect to the Carte web server, and see if you get the same green lock icon, or if it gives certificate warnings. You can also look at Salesforce's documentation, which has a list of trusted root certificate authorities that you can use to compare with your certificate.

    2. Your certificate has intermediate Certificate Authorities, but those intermediate certificates are not being sent to Salesforce.

    Salesforce only has a list of root Certificate Authorities. Your certificate may likely have multiple layers of Certificate Authorities between your website and the root CA, and if only the last certificate (yours) is sent, it can't validate back to one of its root CAs.

    You'll need to have the Carte Web Server provide all of the intermediate certificates (a.k.a. "chain") when it sends the SSL certificate to clients. There are a few different blog posts available online (search for "jetty ssl certificate chain"), but in short, you need to generate a certificate file that has both your certificate, and the intermediate certificates into a single file, which you can then import into your keystore.

    Hope that helps.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.