unable to find valid certification path to requested target
From my Mendix application on my local PC I do a rest-call Request content for GET request to https://bag.basisregistraties.overheid.nl/api/v1/numberindications?postcode=1213AM&huisnummer=15 HTTP / 1.1 x-api-key: 732d44bf-f9fd-4fa5-8ecb-c36dfaea60a5 In mendix this error shows up: Error calling REST service at AddressServiceForNlByBAG.ACT_Get_Address (CallRest: 'Call REST Get / api / v1 / number indications') at PostalcodeHousenumber.ACT_NL_BAG_Get_Address (SubMicroflow: 'ACT_Get_Address') at PostalcodeHousenumber.SUB_Address_GetList (SubMicroflow: 'ACT_NL_BAG_Get_Address') at PostalcodeHousenumber.ACT_Address_FindData (SubMicroflow: 'SUB_Address_GetList') Advanced stack trace: at com.mendix.integration.actions.microflow.RestCallAction.execute (RestCallAction.scala: 47) Caused by: java.security.PrivilegedActionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.mendix.integration.util.PrivilegedUtil $ .withPrivileged (PrivilegedUtil.scala: 16) Caused by: null at java.security.AccessController.doPrivileged (Native Method) etc ... The key is good and valid. A handshake goes wrong, whereas I have never had to setup anything for the handshake. The same call from Postman goes flawlessly: https://bag.basisregistraties.overheid.nl/api/v1/nummeraanduidingen?postcode=7311KZ&huisnummer=110 in Question 8876, which faced the same issue, the solution was to add the certificate of the webservice-server to the local project in the Modeler via Project->Settings->Tab Certificates->Import. So I went to https://bag.basisregistraties.overheid.nl/, downloaded the site’s certificate, and imported it into my Project settings. Ran the project again, but still received the same error
𝕿𝖎𝖒 𝖛𝖆𝖓 𝕾𝖙𝖊𝖊𝖓𝖇𝖊𝖗𝖌𝖊𝖓
What do you mean by “imported it into my Project settings”. What did you do exactly?
🏎️ Nikel HDI
When I do this, it seems by default my webbrowser (which is the superior Firefox browser made by Mozilla) will only export the certificate for the website, and this will not include the chain. I can however select any certificate in the chain to export instead as well.
What your JVM will need to trust this certificate is the whole chain. I think you should explicitly export the Staat der Nederlanden Roor certificate and import that in you project settings. Maybe you need the intermediate QuoVadis cert as well, but I would think not.