Federated Sign-In: Certificate Errors

When configuring the PAM Federated Sign-In module with a self-signed SSL certificate, you may receive errors such as the one below.

 

PKIX path building failed … unable to find valid certification path to requested target

 

This happens because the PAM WEB application does not trust the Federated Sign-In module: the PAM farm is set up to use a self-signed SSL certificate (either individually self-signed or signed by the client’s certificate authority).

 

The easiest solution is to set up PAM with an SSL certificate signed by a well-known internet certificate authority that is already known to the PAM WEB container.

Alternatively, the self-signed certificate should be imported into the PAM key store so that PAM will trust the Federated Sign-In module operating under this certificate.
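
The following added example (not vendor code) works out which certificate has to be trusted for the two cases named above, an individually self-signed certificate or one signed by the client's certificate authority, and then imports it. It assumes the PAM key store is a Java key store managed with keytool and that the certificates are PEM files; the key store path, the alias and the environment variable names are placeholders.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: the PAM key store is a Java key
# store managed with keytool; key store path and alias are placeholders.

# Print "self-signed" when subject equals issuer, otherwise "ca-signed".
cert_kind() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then echo self-signed; else echo ca-signed; fi
}

# Print the file that must be trusted for server certificate $1.
# $2 is the issuing CA certificate, needed only for the ca-signed case.
trust_anchor_for() {
    if [ "$(cert_kind "$1")" = self-signed ]; then
        echo "$1"
        return 0
    fi
    if [ -z "${2:-}" ]; then
        echo "CA-signed certificate: supply the issuing CA certificate" >&2
        return 1
    fi
    # Confirm the supplied CA really issued the server certificate.
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo "$2"
    else
        echo "supplied CA did not issue $1" >&2
        return 1
    fi
}

# Import trust anchor $1 into key store $2 under alias $3 (keytool prompts for
# the key store password).
import_anchor() {
    keytool -importcert -trustcacerts -noprompt -file "$1" -keystore "$2" -alias "$3"
}

# Usage: PAM_CERT=server.pem [PAM_CA=ca.pem] KEYSTORE=<path-to-PAM-key-store> sh thisfile
if [ -n "${PAM_CERT:-}" ] && [ -n "${KEYSTORE:-}" ]; then
    anchor=$(trust_anchor_for "$PAM_CERT" "${PAM_CA:-}") || exit 1
    import_anchor "$anchor" "$KEYSTORE" pam-federated-signin
fi
```

For a certificate signed by the client's certificate authority, importing the CA certificate rather than the server certificate means the trust survives a renewal of the server certificate.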