I'm encountering an SSL certificate validation error in WSO2 Integration Studio when trying to send a request to an external HTTPS endpoint. The error is a PKIX path building failed exception. The endpoint works in Postman, but it seems that WSO2 Integration Studio is unable to trust the server's SSL certificate.
The Error I'm seeing:
I/O error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I tried Installing the server's certificate into the Java TrustStore used by WSO2 Integration Studio. But the error persists, and it seems WSO2 Integration Studio is still enforcing SSL certificate validation.
JVM-level SSL configuration: I tried adding these JVM options in integration-studio.ini to disable SSL validation globally, but it didn’t work:
-Dcom.sun.net.ssl.checkRevocation=false
-Djavax.net.ssl.trustStoreType=JKS
-Dcom.sun.net.ssl.trustStore.disable=true
I also added the disableSslValidation="true" attribute in the endpoint configuration, but this didn’t seem to resolve the issue either.
Is there a reliable way to disable SSL certificate validation in WSO2 Integration Studio? I’m looking for a way to force WSO2 to bypass SSL certificate validation either at the endpoint level or globally within the studio. This is for a non-production environment, and the SSL certificate validation is not needed at this stage of development.
If modifying the TrustStore is the only way, is there something I might be missing that could explain why the imported certificate isn't being used?
You need to import the backend certificate to the client-trustore of the MI server you are using. Since MI server will be making the backend call, updating the WSO2 Integration Studio's Trust store won't work. If you are using the embedded MI server of the Integration studio you need to import the certificate to that client-trustore which is located at <INTEGRATION_STUDIO_HOME>/runtime/microesb/repository/resources/security. For more information on importing SSL certificates refer the official documentation https://mi.docs.wso2.com/en/latest/install-and-setup/setup/security/importing-ssl-certificate/#importing-ssl-certificates-to-a-truststore