SAP Knowledge Base Article - Preview

3532002 - Get error:'PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed' when establishing SSL connection to HANA through JDBC

Symptom

When connecting to HANA via JDBC, the connection failed. Detail error stack contains:

Caused by: com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: Cannot connect to jdbc:sap://<host>:<port> [Cannot connect to host <host>:<port> [sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed], -813.].
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:126)
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:222)
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.newInstance(SQLExceptionSapDB.java:50)
    at com.sap.db.jdbc.DriverSapDB._connect(DriverSapDB.java:3460)
    at com.sap.db.jdbc.DriverSapDB.connect(DriverSapDB.java:2953)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:208)
    at com.businessobjects.pjs.services.sts.SAMLImpl.testSAMLSSOConnection(SAMLImpl.java:947)
    ... 21 more
Caused by: com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: SSL handshake failed : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed.
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:209)
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:222)
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.newInstance(SQLExceptionSapDB.java:33)
    at com.sap.db.jdbc.SecureSession._doHandshake(SecureSession.java:670)
    at com.sap.db.jdbc.SecureSession._sslInit(SecureSession.java:170)
    at com.sap.db.jdbc.SecureSession.<init>(SecureSession.java:74)
    at com.sap.db.jdbc.SecureSocketSession.<init>(SecureSocketSession.java:21)
    at com.sap.db.jdbc.SecureChannelSession.<init>(SecureChannelSession.java:21)
    at com.sap.db.jdbc.Session.newInstance(Session.java:306)
    at com.sap.db.jdbc.ConnectionSapDB._connectAnchor(ConnectionSapDB.java:3261)
    at com.sap.db.jdbc.DriverSapDB._connect(DriverSapDB.java:3458)
    ... 25 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:377)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:315)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:991)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:978)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:925)
    at com.sap.db.jdbc.SecureSession._doHandshake(SecureSession.java:657)
    ... 32 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:369)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:275)
    at sun.security.validator.Validator.validate(Validator.java:271)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:275)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:140)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:630)
    ... 41 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:225)
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:364)
    ... 47 more
Caused by: java.security.SignatureException: Error [0xa0100202]: Signature verification failed, wrong key or encoding method
    at com.sap.commoncryptolib.provider.CCLVerificationCtx.jniVerifyHash(Native Method)
    at com.sap.commoncryptolib.provider.CCLVerificationCtx.verifyHash(Unknown Source)
    at com.sap.commoncryptolib.provider.Signature.engineVerify(Unknown Source)
    at java.security.Signature$Delegate.engineVerify(Signature.java:1393)
    at java.security.Signature.verify(Signature.java:770)
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:444)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
    ... 52 more

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."


Read more...

Environment

  • SAP HANA, platform edition 2.0
  • SAP HANA Client 2.0

Product

SAP HANA, platform edition 2.0

Keywords

signature check failed, Signature verification failed, wrong key or encoding method, PKIX path validation failed, CertPathValidatorException , KBA , HAN-DB-SEC , SAP HANA Security & User Management , HAN-DB-CLI , SAP HANA Clients (JDBC, ODBC) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.