There a number of cases were a Coldfusion server suffers from the sun.security.validator.ValidatorException: PKIX path building failed.
The error message can be found in the odl.log file of FusionReactor similar to the error message below.
On Windows environment the odl file can be found here:
- FusionReactor Directoryinstanceinstance namelogtime stampodl.log
On Linux / Mac environments the odl file can be found here:
- FusionReactor Directory/instance/instance name/log/time stamp/odl.log
It is important to state that if the odl logging is not enabled by default on the FusionReactor instance, you will need to modify the JVM config file and add the following arguments:
For ColdFusion 10 or above, the JVM config file can be located here:
- On Windows environment: ColdFusion installation directorycfusionbinjvm.config
- On Linux / Mac environments: ColdFusion installation directory/cfusion/bin/jvm.config
For ColdFusion 8 and ColdFusion 9, the JVM config file can be located here:
- On Windows environment: ColdFusion installation directoryruntimebinjvm.config
- On Linux / Mac environments: ColdFusion installation directory/runtime/bin/jvm.config
- Upgrade to Java 1.6.0_24 JVM or higher.
- Add the following argument inside your JVM config file: -Dfrlicenseservice.protocol=http. By adding that argument, the JVM is going to force the use of http rather than https and the validator will no longer be required for licensing.
It is important to state that with every JDK update on production servers, prior testing in a staging environment is recommended. Moreover, any SSL certificates added to the previous JDK used, will also need to be re added to the new JDK (cacerts) file. Finally, it is important to try and keep your environment up to date in order to avoid any similar issues in the future.
||License + Activation
||11/May/16 4:53 PM