Trying to set up ADFS, I'm getting:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I switched to the non-secure versions and I still get the same error. I added the root certificate, the subCA cert and even the token signing from ADFS and none will work. Furthermore, I added the root in https://<vCSA>/ui/app/admin/certificates, not to mention that vCenter was already joined to AD. The trust should be there already. Using the Global Catalog endpoints didn't work either.
Components | |
---|---|
ADFS | 2019 |
AD | 2016, 2019 (2019 DCs had a lot of issues so Windows Server 2016 servers were redeployed--most of them) |
vCSA | 7.0.0.10400 build 16386292 |
PKI | |
Root in vCenter's trusted roots | Yes |
Certs added in the setup process | Yes (rootCA, subCA and adfsTokenSigning) |
CRLs | All online |
AIAs | All online |
OCSP | Online |
Other | Tested Kerberos request of tickets with kinit and klist by SSHing to vCSA. Kerberos works fine. Tested name resolution from vCSA SSH session. DNS is working fine. Added static mappings to /etc/hosts for all nameservers, hosts and related resources as precaution. |
Any idea how to fix it?