Frequently Asked Question

Issue when adding the N4V extension in HTTPS environment
Last Updated 16 days ago

Symptom

  • You want to activate the N4V Webi extensions provided by Need4Viz to enhance the Webi capabilities but the extension is hosted on a Tomcat configured in HTTPS and an error message is displayed when trying to validate the extension : image
  • In the stderr.log fil of the ~SAPBI\tomcat\logs folder, you can find the error :

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:377)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:315)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:838)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)
... 93 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:127)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)

Reason and Prerequisites

Environment:

  • SAP BusinessObjects 4.3 SP3+
  • N4V 2024.1.0+

Resolution

If the Tomcat is configured with HTTPS, then you need to add the certificate of the server (SAPBI URL) to the certificate's store of the SAP BI platform.

To achieve that, run the following steps on all SAPBI servers of your deployment/cluster :

  • Backup the cacerts file : ~SAPBI\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\lib\security\cacerts 
  • Retrieve your server certificate (including the root & intermediary certificates, generally used to configure the HTTPS configuration of Tomcat to access the SAPBI Launchpad) : for instance my_certificate.pem
  • Open a command as administrator and goto the folder ~SAPBI\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin
  • Run the command keytool -importcert -keystore ..\jre\lib\security\cacerts -storepass -file your_filename -alias your_alias (you can name the alias as you want, the default password of the cacerts store is "changeit")
  • Restart the SIA and the Tomcat
  • After that, you should be able to add the N4V extension in the CMC

Please Wait!

Please wait... it will take a second!