FAQ: SSL Initiation Error - Unable to find valid certification path to requested target

The Sentry generated error "Unable to find valid certification path to requested target" occurs when Sentry connects out to a remote server and fails the SSL connection.

The error indicates a problem with SSL (TLS) Initiation from Sentry to a remote server.  Specifically, the certificate provided by the server to Sentry cannot be validated properly - and therefore Sentry fails the connection.

 

Within the Sentry SSL Initiation Policy (associated to the HTTPS Remote policy for the remote server), it is possible to enable or disable validation (authentication) of the server certificate. If this is enabled, Sentry uses a Signer Group to validate/authenticate the server certificate.  

With new SSL Initiation policies, this option is ENABLED by default, using the DEFAULT Signer Group.

If you want to disable this validation, you will need to DISABLE the "Authenticate the Remote Server using Signer Group" option.

 

Note that the Default Signer Group is part of the base Sentry configuration (factory config) and contains many well know public CA certificates.

 

For more information please see:

 

FAQ: Forum Sentry SSL Initiation Policies Defined

0 Comments

Article is closed for comments.