Receiving Certificate Chaining Error in Punchout for Amazon

Author
Messages
JimY
Veteran Member
Posts: 510
Veteran Member

    On Monday we had to apply a new certificate for Staples since then we are unable to access Amazon Punchout.  We receive the error below.  Has anyone else ran into this problem and if so what did you do to resolve it.  Amazon does not issue a certificate so the one that it is having a problem with is the server certificate and that appears to be good.  I doesn't expire until 2020.  Thank you.

    9/12/18 10:07:03:205 EDT] 00000090 ForwardReques I POST result=[Failure opening connection to https://www.amazon.com/eprocurement/punchout. com.ibm.jsse2.util.n: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    ]

    DennisD
    Basic Member
    Posts: 4
    Basic Member

      We don't punchout to Amazon, so I cant speak to the issue you're having.   However, we did have to apply new Staples certificates yesterday.  Staples said an email was sent an advance of this change.  Apparently, this notice never found its way to the IT department.

       

      Good luck.

      Kwane McNeal
      Veteran Member
      Posts: 479
      Veteran Member
        Jim,
        Seems like you need to add the root cert to the keystore. Have you tried that, and did it work?
        JimY
        Veteran Member
        Posts: 510
        Veteran Member
          We received the email back in August, unfortunately I lost track of it and on Monday no one could access Staples. Now we can't access Amazon after applying it. The root cert was added. I also deleted it and re added it. Still receiving the error. Thank you for the responses.
          JimY
          Veteran Member
          Posts: 510
          Veteran Member
            Thanks to a suggestion on the Infor Communities I was able to resolve this issue. I ended up using the URL www.amazon.com and retrieving from port using 443. It's strange that I didn't have to do this before. Thank you for helping.
            ---