Federated Sign-In: Certificate Errors
When configuring the PAM Federated Sign-In module and using a self-signed SSL certificate, you may receive the below errors.
PKIX path building failed … unable to find valid certification path to requested target
The reason for this is that the PAM WEB application does not trust the Federated Sign-In module because the PAM farm is setup to use a self-signed SSL certificate (either individually self-signed or signed by the client’s certificate authority).
The easiest solution for this is to setup PAM with a SSL certificate signed by the well known internet certificate authority known to PAM WEB Container.
Alternatively, a self-signed certificate should be imported into the PAM key store so that PAM will trust Federated Sign-In module operating under this certificate.