
23 October 2017

Certificates and http client calls

Sjaak Overgaauw
CTO

We recently re-discovered how important it is to use compatible certificates on servers. Here’s an example use case:

  • Connect to an API over https using the Boomi http client connector
  • Pull data from the API

FIRST ANALYSIS

When I tested the connection, I received the following error in Boomi:

“SSLHandshakeException. ValidatorException: PKIX path building failed: unable to find valid certification path to requested target”

I’m pretty sure any Boomi or Java developer has seen this error before. I usually first check the following:

  1. Test the API from Postman first
  2. Verify if the certificate is looking OK in my Chrome browser
  3. Verify the certificate using https://www.ssllabs.com

The results of the above tests looked as follows:

  1. Postman: PASS
  2. Chrome security report: PASS
  3. ssllabs.com: PASS, it showed a green A rating
  4. Boomi: FAIL

OK, so the Boomi http client connector did not work. And the other tests all looked fine. Hmmm… there’s something going on here.

FURTHER ANALYSIS

If you search the Boomi community, you will get many articles on this error. However, most of these articles are related to certificates used for client authentication. But I could not find an article related to the https client connector and certificate issues.

Without a clear indication, I decided to try an old trick from the past:

  • Buy a certificate from one of the major certificate vendors like Comodo
  • Replace the existing certificate on the platform hosting the API

And guess what? It worked! But why?

I decided to log a support request at Boomi. They came back with the following information:

JAVA VERSIONS

First some facts.

  • The Dell Boomi cloud currently runs on the Oracle JDK 1.8.0_66.
  • For local Atoms, Boomi comes with a default JRE. I’m not sure what the exact version is. But at Cloud Connectors, we always install the Oracle JDK 1.8.0_66. Reason: this gives us the opportunity to remotely monitor Boomi using JMX.

When we replaced the Let’s Encrypt certificate with a Comodo one, everything was working fine again.

So, as it looks now, we think the Boomi error was caused by Boomi running on Java 1.8.0_66 while the remote server hosting the API used a certificate that is supported as of Java 1.8.0_101.
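One way to check this hypothesis directly, as an added example that is not from the original post or from Boomi: Postman, Chrome and ssllabs.com do not validate against the JRE's trust store (cacerts), so the test has to run on the same JDK the Atom uses. The class name `TrustCheck` and the host `api.example.com` are placeholders.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added diagnostic, not Boomi code. Run with the JDK the Atom uses:
//   java TrustCheck api.example.com 443     (host is a placeholder)
// Tests the certification path only; hostname matching is not checked here.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "api.example.com"; // placeholder
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Default trust manager = the roots in this JRE's cacerts file.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jreDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];

        // Records the chain the server sent, then delegates unchanged, so
        // validation stays exactly as strict as the JRE default.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                jreDefault.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                seen[0] = c;
                jreDefault.checkServerTrusted(c, a);
            }
            public X509Certificate[] getAcceptedIssuers() { return jreDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        System.out.println("java.version = " + System.getProperty("java.version")
            + ", trusted roots = " + jreDefault.getAcceptedIssuers().length);
        String verdict = "PASS: chain validates against this JRE's trust store";
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLHandshakeException e) {
            verdict = "FAIL: " + e.getMessage();
        }
        if (seen[0] != null)
            for (X509Certificate c : seen[0])
                System.out.println("subject=" + c.getSubjectX500Principal()
                    + "\n issuer=" + c.getIssuerX500Principal());
        System.out.println(verdict);
    }
}
```

If the same host prints FAIL under JDK 1.8.0_66 and PASS under a newer JDK, the difference lies in the root certificates bundled with the JRE rather than in the server's configuration.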

We want to further investigate this in the near future. So stay tuned!