技术文章 - CS279913
“PKIX 路径构建因不受信任的凭证而失败:[subjectName='CN=<domain>氧=<org> ,C=<country> ']: 无法找到请求目标的有效认证路径”在为 ThingWorx 配置或更新 PingFederate SSL/TLS 时出现错误
已修改: 22-Sep-2025
适用于
- Windchill Navigate (formerly ThingWorx Navigate) 1.5.0 to 9.4
- ThingWorx Platform 8.1 to 9.4
- PingFederate
说明
- 使用 PingFederate 配置 SSO 时,登录失败,ThingWorx Navigate 中出现SSL 握手错误
- 尝试从 ThingWorx Javascript 服务GetJSON调用 REST API 时,会因PKIX 路径构建失败而失败 或因不受信任的凭证错误导致 PKIX 路径构建失败
- ThingWorx 许可证更新后,应用程序出现以下错误,并且用户无法使用 SSO 登录:
[L: ERROR] [O: o.s.s.s.t.MetadataCredentialResolver] [I: ] [U: ] [S: ] [P: ] [T: Metadata-reload] PKIX path construction failed for untrusted credential: [subjectName='CN=<domain>O=<organization>,C=<country>']: unable to find valid certification path to requested target
- ThingWorx 日志中出现以下错误:
- <ThingworxStorage>\logs\SecurityLog.log
[ Error requesting access token. ][ I/O error on POST request for "https://PINGFEDERATE_HOST_NAME/as/token.oauth2": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ][ sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ] [ PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ] [ unable to find valid certification path to requested target ]
- <ThingworxStorage>\logs\ErrorLog.log
[O: E.c.q.l.c.Logger] [I: ] [U: ???] [S: ] [P: ] [T: https-jsse-nio-8443-exec-7] [ Failed to utilize the SSO component for authentication ] [ Error requesting access token. ][ I/O error on POST request for "https://<Ping Fed Host>:443/as/token.oauth2": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ] [ sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ][ PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ][ unable to find valid certification path to requested target ] [L: ERROR] [O: E.c.q.l.c.Logger] [I: ] [U: ???] [S: ] [P: ] [T: https-jsse-nio-8443-exec-7] Could not handle request [L: ERROR] [O: E.c.q.l.c.Logger] [I: ] [U: ???] [S: ] [P: ] [T: https-jsse-nio-8443-exec-7] Could not handle request [L: ERROR] [O: E.c.q.l.c.Logger] [I: ] [U: ???] [S: ] [P: ] [T: https-jsse-nio-8443-exec-7] errorMessage: [Unauthorized], statusCode: [401]
这是文章 279913 的 PDF 版本,可能已过期。最新版本 CS279913