
Spok Mobile Registration SSL Errors SmartSuite

Overview

In some cases, the SSL certificate in use by the Spok Mobile server may be self-signed, or may have intermediate or root certificates that are new and do not exist in the Smart Suite certificate store. When this happens, amcreg and amcHostReg will fail to establish an SSL connection to the Spok Mobile server. The errors below may be seen:

2025-06-24 16:09:15 ERROR The AMC Registration Servers are not accessible
org.apache.axis.AxisFault: ; nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error calling WebService : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 


 

Solution: Smart Suite 7.x

To resolve this issue, you need the certificate chain of the Spok Mobile certificate, that is, its issuing certificates, of which there may be more than one. In our example, the Spok Mobile certificate had an intermediate and a root certificate. Both of these certificates were uploaded to the Smart Suite system encoded as PEM. Below is the general command that can be used to import the certificates:

 The location of the keystore file called cacerts may differ depending on the version of Smart Suite and the version of Java installed. If you run locate on cacerts, you are looking for the cacerts file under /usr/lib/jvm. You might also be able to find the file using the following command: ls -l /usr/lib/jvm/*/jre/lib/security/cacerts

sudo /u01/app/oracle/middleware/oracle_common/jdk/bin/keytool -import -trustcacerts -alias [certificate alias] -file [certificate file] -keystore /usr/lib/jvm/jdk-1.8-oracle-x64/jre/lib/security/cacerts -storepass changeit

In our specific examples, we then ran the below two commands to import those certificates into the keystore:

 The certificate alias has to be unique so that it does not match any other certificate in the store, but it does not have to be set to any specific value. We opted to set it to the common name of the cert, replacing any spaces or special characters.

sudo /u01/app/oracle/middleware/oracle_common/jdk/bin/keytool -import -trustcacerts -alias sectigo_public_server_authentication_root_r46 -file /u06/tjs/ca_certs/sec_root.crt -keystore /usr/lib/jvm/jdk-1.8-oracle-x64/jre/lib/security/cacerts -storepass changeit

sudo /u01/app/oracle/middleware/oracle_common/jdk/bin/keytool -import -trustcacerts -alias sectigo_public_server_authentication_ca_dv_r36 -file /u06/tjs/ca_certs/sec_interm.crt -keystore /usr/lib/jvm/jdk-1.8-oracle-x64/jre/lib/security/cacerts -storepass changeit

With the certificates added, amcHostReg should see these changes immediately, but amcreg will require a WebLogic restart. Both amcreg.log and amcHostReg.dbg can be used to monitor for errors.
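
The import steps above can be wrapped in a script that checks each file before trusting it. This is an added example, not Spok's own tooling: the function names and the script name import_ca.sh are hypothetical, and the default paths and store password are the ones used on this page. It derives the alias from the common name as described above, refuses files that are not CA certificates, skips aliases already in the store, and backs up cacerts before each import.

```shell
#!/bin/sh
# Added example. Defaults are the 7.x paths and store password shown above.
KEYTOOL=${KEYTOOL:-/u01/app/oracle/middleware/oracle_common/jdk/bin/keytool}
KEYSTORE=${KEYSTORE:-/usr/lib/jvm/jdk-1.8-oracle-x64/jre/lib/security/cacerts}
STOREPASS=${STOREPASS:-changeit}

# Common name -> alias: lower-case, each run of other characters becomes "_".
alias_from_cn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[^a-z0-9][^a-z0-9]*/_/g' -e 's/^_//' -e 's/_$//'
}

# Read `keytool -printcert` text on stdin, print the CN of the Owner line.
cn_from_printcert() {
    sed -n 's/^Owner: .*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Read `keytool -printcert` text on stdin, succeed only for a CA certificate.
is_ca_cert() {
    grep -q 'CA:true'
}

# Validate one PEM file, back up the keystore, then import it.
import_ca() {
    cert=$1
    info=$("$KEYTOOL" -printcert -file "$cert") || return 1
    if ! printf '%s\n' "$info" | is_ca_cert; then
        echo "$cert: not a CA certificate, refusing to trust it" >&2
        return 1
    fi
    ks_alias=$(alias_from_cn "$(printf '%s\n' "$info" | cn_from_printcert)")
    [ -n "$ks_alias" ] || { echo "$cert: no CN found" >&2; return 1; }
    if "$KEYTOOL" -list -alias "$ks_alias" -keystore "$KEYSTORE" \
            -storepass "$STOREPASS" >/dev/null 2>&1; then
        echo "$ks_alias: alias already in keystore, skipping"
        return 0
    fi
    cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # No -noprompt, so keytool asks for confirmation of any certificate
    # it cannot chain to an existing trust anchor.
    "$KEYTOOL" -import -trustcacerts -alias "$ks_alias" -file "$cert" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS"
}

# Usage: sudo sh import_ca.sh root.crt intermediate.crt
for c in "$@"; do
    import_ca "$c" || exit 1
done
```

Compare the fingerprint keytool displays with the one the CA publishes before answering yes. A self-signed server certificate that lacks CA:true is refused by this check and would need a deliberate manual import.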

Solution: Smart Suite 5.x

You can resolve this issue by manually importing the new root or intermediate CA with the following command.

/u01/app/oracle/product/11.2.0/client_1/jdk/bin/keytool -import -trustcacerts -alias [alias for cert] -file [/path/to/certificate.cer] -keystore /u01/app/oracle/jrockit-jdk/jre/lib/security/cacerts -storepass [cert store password]

Smart Suite Oracle Patching

Note that if Java has not been updated on a server in quite some time, the keystore is likely out of date. When a new set of public intermediate and root certificates comes out, they will not exist in the keystore on the server, which causes this issue. Keeping Smart Suite up to date on releases and patches could prevent this issue from happening.

 

 

 

 

 


KB58468