https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960829#M29692 <P>I once had a problem with the connection to a MySQL database, and back then it was related to system time differences. I fixed it by adding <CODE>useLegacyDatetimeCode=false&amp;serverTimezone=UTC</CODE> to the URL.</P><PRE>String url = "jdbc:sas://&lt;hostname&gt;:&lt;port&gt;?useLegacyDatetimeCode=false<CODE>&amp;serverTimezone=UTC</CODE>"; Connection conn = DriverManager.getConnection(url, "&lt;username&gt;", "&lt;password&gt;");</PRE> Tue, 04 Mar 2025 14:40:32 GMT Dimax 2025-03-04T14:40:32Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960717#M29683 <P>Hi All,</P> <P>I am getting below ERROR but certificates are valid until Jun 2025.</P> <P>I am getting the below ERROR from Web browser. Tried to login to SASStoredProcess and manager dashboard. Webserver is working fine, Cache locater and active mQ is working fine</P> <H1 id="toc-hId-1991811326">HTTP Status 500 – Internal Server Error</H1> <P>&nbsp;</P> <P>[tomcat-http--41] ERROR [unknown] com.sas.svcs.security.authentication.validation.jasig.HttpClientResponseRetriever - sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed<BR />javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed<BR />at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)<BR />at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)<BR />at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)<BR />at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)<BR />at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)<BR />at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)<BR />at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)<BR />at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)<BR />at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)<BR />at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)<BR />at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)<BR />at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)<BR />at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)<BR />at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)<BR />at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)<BR />at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)<BR />at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)<BR />at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)<BR />at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)<BR />at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)<BR />at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)<BR />at com.sas.svcs.security.authentication.validation.jasig.HttpClientResponseRetriever.getResponseFromServer(HttpClientResponseRetriever.java:109)<BR />at com.sas.svcs.security.authentication.validation.jasig.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:44)<BR />at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)<BR />at com.sas.svcs.security.authentication.validation.ServiceTicketValidator.validate(ServiceTicketValidator.java:79)<BR />at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)<BR />at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)<BR />at com.sas.svcs.security.authentication.provider.AuthenticationProvider.authenticate(AuthenticationProvider.java:85)<BR />at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)<BR />at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)<BR />at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.session.jasig.SingleSignOutFilter.doFilterInternal(SingleSignOutFilter.java:60)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.web.filters.RevokableTokenLogoutFilter.doFilter(RevokableTokenLogoutFilter.java:38)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.web.csrf.CsrfSynchronizerTokenFilter.doFilterInternal(CsrfSynchronizerTokenFilter.java:178)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.web.filters.CsrfRefererCheckerFilter.doFilterInternal(CsrfRefererCheckerFilter.java:909)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.framework.webapp.servlet.ApplicationNameFilter.onDoFilter(ApplicationNameFilter.java:55)<BR />at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at com.sas.services.storedprocess.webapp.SPFilter.onDoFilter(SPFilter.java:276)<BR />at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at com.sas.servlet.filters.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:62)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at com.sas.framework.webapp.servlet.SanitizingRequestFilter.onDoFilter(SanitizingRequestFilter.java:101)<BR />at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)<BR />at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)<BR />at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)<BR />at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)<BR />at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)<BR />at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)<BR />at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)<BR />at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:685)<BR />at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)<BR />at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)<BR />at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)<BR />at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)<BR />at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)<BR />at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)<BR />at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)<BR />at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)<BR />at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<BR />at java.lang.Thread.run(Thread.java:748)<BR />Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed<BR />at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)<BR />at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)<BR />at sun.security.validator.Validator.validate(Validator.java:262)<BR />at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)<BR />at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)<BR />at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)<BR />at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)<BR />... 83 more<BR />Caused by: java.security.cert.CertPathValidatorException: signature check failed<BR />at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)<BR />at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)<BR />at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)<BR />at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)<BR />at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)<BR />at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)<BR />... 89 more<BR />Caused by: java.security.SignatureException: Signature does not match.<BR />at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:424)<BR />at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)<BR />at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)<BR />at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)<BR />... 94 more<BR />2025-03-03 12:51:19,976 [tomcat-http--41] ERROR [unknown] org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/SASStoredProcess].[default] - Servlet.service() for servlet [default] in context with path [/SASStoredProcess] threw exception<BR />java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed<BR />at com.sas.svcs.security.authentication.validation.jasig.HttpClientResponseRetriever.getResponseFromServer(HttpClientResponseRetriever.java:113)<BR />at com.sas.svcs.security.authentication.validation.jasig.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:44)<BR />at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)<BR />at com.sas.svcs.security.authentication.validation.ServiceTicketValidator.validate(ServiceTicketValidator.java:79)<BR />at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)<BR />at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)<BR />at com.sas.svcs.security.authentication.provider.AuthenticationProvider.authenticate(AuthenticationProvider.java:85)<BR />at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)<BR />at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)<BR />at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.session.jasig.SingleSignOutFilter.doFilterInternal(SingleSignOutFilter.java:60)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.web.filters.RevokableTokenLogoutFilter.doFilter(RevokableTokenLogoutFilter.java:38)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.web.csrf.CsrfSynchronizerTokenFilter.doFilterInternal(CsrfSynchronizerTokenFilter.java:178)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.svcs.security.authentication.web.filters.CsrfRefererCheckerFilter.doFilterInternal(CsrfRefererCheckerFilter.java:909)<BR />at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at com.sas.framework.webapp.servlet.ApplicationNameFilter.onDoFilter(ApplicationNameFilter.java:55)<BR />at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)<BR />at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)<BR />at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at com.sas.services.storedprocess.webapp.SPFilter.onDoFilter(SPFilter.java:276)<BR />at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at com.sas.servlet.filters.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:62)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at com.sas.framework.webapp.servlet.SanitizingRequestFilter.onDoFilter(SanitizingRequestFilter.java:101)<BR />at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)<BR />at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)<BR />at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)<BR />at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)<BR />at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)<BR />at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)<BR />at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)<BR />at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)<BR />at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)<BR />at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:685)<BR />at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)<BR />at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)<BR />at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)<BR />at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)<BR />at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)<BR />at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)<BR />at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)<BR />at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)<BR />at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<BR />at java.lang.Thread.run(Thread.java:748)<BR />Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed<BR />at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)<BR />at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)<BR />at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)<BR />at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)<BR />at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)<BR />at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)<BR />at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)<BR />at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)<BR />at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)<BR />at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)<BR />at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)<BR />at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)<BR />at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)<BR />at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)<BR />at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)<BR />at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)<BR />at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)<BR />at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)<BR />at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)<BR />at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)<BR />at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)<BR />at com.sas.svcs.security.authentication.validation.jasig.HttpClientResponseRetriever.getResponseFromServer(HttpClientResponseRetriever.java:109)<BR />... 66 more<BR />Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed<BR />at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)<BR />at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)<BR />at sun.security.validator.Validator.validate(Validator.java:262)<BR />at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)<BR />at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)<BR />at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)<BR />at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)<BR />... 83 more<BR />Caused by: java.security.cert.CertPathValidatorException: signature check failed<BR />at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)<BR />at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)<BR />at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)<BR />at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)<BR />at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)<BR />at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)<BR />... 89 more<BR />Caused by: java.security.SignatureException: Signature does not match.<BR />at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:424)<BR />at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)<BR />at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)<BR />at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)<BR />... 94 more</P> Mon, 03 Mar 2025 14:08:29 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960717#M29683 sathya66 2025-03-03T14:08:29Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960719#M29684 This failure occurs when a java process fails to validate a certificate. Generally speaking certificate validations can fail because the certificate has expired, the certificate is issued by a CA not in the SAS trust store, or the certificate issued using an unsupported signature algorithm, for example. <BR /><BR />You can try adding the java option -Djavax.net.debug=ssl to the web application server where you are seeing this error to get more information. Mon, 03 Mar 2025 14:20:57 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960719#M29684 gwootton 2025-03-03T14:20:57Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960824#M29691 <P>Added the option,</P> <P>I am getting below message in catalina</P> <P>&nbsp;</P> <PRE>%% Initialized: [Session-3, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] ** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Thread-101, READ: TLSv1.2 Handshake, length = 958 *** Certificate chain chain [0] = [ [ Version: V1 Subject: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 24039292375563925702638477649504069454882919310652819892508280365692557099285203368736320010515095860379860530863387424108827763907550759 public exponent: 65537 Validity: [From: Tue Mar 04 12:45:23 GMT 2025, To: Wed Mar 07 12:45:23 GMT 2026] Issuer: CN=mid.com, OU=Data, O=company, L=XX, ST=XX, C=GB SerialNumber: [ b53e1c3e2 2af44883e] ] Algorithm: [SHA256withRSA] Signature: 0000: 4A 78 6A 04 B3 15 49 1A E0 DC AD 61 1F 63 C1 CE Jxj...I....a.c.. 0010: C2 F3 D2 43 35 29 7F 66 8D 28 74 9E A0 60 05 89 ...C5).f.(t..`.. 0020: 98 62 24 9F 7A 40 E2 4B 24 C4 46 05 C3 88 43 C1 .b$.z@.K$.F...C. 0030: 3F 72 A7 21 FF 91 81 BD 64 CB 94 39 51 F8 ED C5 ?r.!....d..9Q... 0040: F4 B7 E0 63 7F D0 D2 5F C2 B1 B0 61 2C 1D 87 1D ...c..._...a,... 0050: 8C 34 34 4D E7 23 75 14 09 95 FF 84 53 24 4A D1 .44M.#u.....S$J. 0060: 0A 1F 32 14 2D E6 9A DB C5 49 C0 4C 3A 66 1E DB ..2.-....I.L:f.. 00B0: 74 68 69 58 0E E6 9F A4 10 D4 3C BC A2 7A 0A 8B thiX......&lt;..z.. 00C0: 7E 1C 29 13 93 94 08 0C 30 77 32 2E 5C EA 44 B3 ..).....0w2.\.D. 00D0: D7 8E A5 1D F4 8A DD D3 27 97 38 31 68 76 6C C3 ........'.81hvl. 00E0: BC CD 69 9F 3D E0 74 0E A6 06 38 92 C8 90 C6 0C ..i.=.t...8..... 00F0: 4F 89 D4 38 27 0A 6E C1 51 F4 08 02 79 25 4E 7A O..8'.n.Q...y%Nz ] *** %% Invalidated: [Session-3, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] Thread-101, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown Thread-101, WRITE: TLSv1.2 Alert, length = 2 Thread-101, called closeSocket() Thread-101, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed Thread-101, called close() Thread-101, called closeInternal(true) Thread-101, called close() Thread-101, called closeInternal(true) Thread-101, called close() Thread-101, called closeInternal(true) Finalizer, called close() Finalizer, called closeInternal(true) SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/opt/sas/config/Lev1/Web/WebAppServer/SASServer1_1/lib/slf4j-log4j12.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/opt/sas/home/SASVersionedJarRepository/eclipse/plugins/slf4j_1.5.10.0_SAS_20121211183229/slf4j-log4j12.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Thread-101, setSoTimeout(3500) called Thread-101, setSoTimeout(3500) called Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1724318512 bytes = { 146, 184, 245, 149, 42, 192, 34, 12, 57, 25, 229, 64, 168, 175, 50, 141, 66, 230, 222, 100, 194, 248, 213, 143, 127, 55, 7, 78 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension extended_master_secret Extension server_name, server_name: [type=host_name (0), value=mid.com] *** Thread-101, WRITE: TLSv1.2 Handshake, length = 248 Thread-101, READ: TLSv1.2 Handshake, length = 93 *** ServerHello, TLSv1.2 RandomCookie: GMT: -1555134129 bytes = { 168, 245, 86, 187, 241, 172, 117, 87, 11, 166, 10, 250, 169, 84, 49, 142, 202, 107, 245, 24, 26, 132, 10, 68, 159, 85, 116, 238 } Session ID: {208, 95, 134, 156, 127, 39, 87, 54, 14, 245, 99, 7, 25, 33, 121, 66, 121, 93, 183, 254, 105, 51, 140, 124, 123, 40, 148, 97, 202, 146, 97, 141} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Compression Method: 0 Extension server_name, server_name: Extension renegotiation_info, renegotiated_connection: &lt;empty&gt; Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2] ***</PRE> <P>&nbsp;</P> <P>and I couldn't find our trustore certs but I can see below</P> <PRE>trustStore is: /opt/sas/home/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/jssecacerts trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: Subject: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK Issuer: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK Algorithm: RSA; Serial number: 0x3e8 Valid from Thu May 15 06:13:14 BST 2003 until Mon May 15 05:52:29 BST 2023 adding as trusted cert: Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0 Valid from Tue Nov 07 19:31:18 GMT 2006 until Mon Dec 31 19:40:55 GMT 2029</PRE> <P>&nbsp;</P> Tue, 04 Mar 2025 14:57:04 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960824#M29691 sathya66 2025-03-04T14:57:04Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960829#M29692 <P>I once had a problem with the connection to a MySQL database, and back then it was related to system time differences. I fixed it by adding <CODE>useLegacyDatetimeCode=false&amp;serverTimezone=UTC</CODE> to the URL.</P><PRE>String url = "jdbc:sas://&lt;hostname&gt;:&lt;port&gt;?useLegacyDatetimeCode=false<CODE>&amp;serverTimezone=UTC</CODE>"; Connection conn = DriverManager.getConnection(url, "&lt;username&gt;", "&lt;password&gt;");</PRE> Tue, 04 Mar 2025 14:40:32 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960829#M29692 Dimax 2025-03-04T14:40:32Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960836#M29693 There is no time difference . we have correct date and time. Tue, 04 Mar 2025 14:53:25 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960836#M29693 sathya66 2025-03-04T14:53:25Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960876#M29695 The SAS trust store used by Java is &lt;SASHome&gt;/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks. <BR /><BR />This output shows the certificate was issued today (Mar 4) and is a self-signed certificate:<BR /><BR />Subject: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR /> Validity: [From: Tue Mar 04 12:45:23 GMT 2025,<BR /> To: Wed Mar 07 12:45:23 GMT 2026]<BR /> Issuer: CN=mid.com, OU=Data, O=company, L=XX, ST=XX, C=GB<BR /><BR />That issuing certificate (as this is self signed, being the actual certificate) needs to be in the SAS Trust Store.<BR />You can check this against trustedcerts.pem or .jks using keytool. For example:<BR />&lt;SASHome&gt;/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -printcert -file &lt;SASHome&gt;/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem | grep -E '(Owner:|Issuer:)'<BR /><BR />Confirm an "Owner: CN=mid.com, OU=Data, O=company, L=XX, ST=XX, C=GB" is present.<BR />Given the certificate was just issued, it's unlikely it's in the trust store already if you didn't add it. You would do so using the SAS Deployment Manager task as documented here. This must be done for every SAS Installation Directory (SASHome):<BR /><BR />Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager<BR /><A href="https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/secref/n0n1y5gwevy312n13h5bm4yf6quy.htm" target="_blank">https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/secref/n0n1y5gwevy312n13h5bm4yf6quy.htm</A><BR /><BR />You may also want to confirm the certificate's "Subject Alternative Names" contains an entry for the host serving the certificate. Tue, 04 Mar 2025 18:51:49 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960876#M29695 gwootton 2025-03-04T18:51:49Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960935#M29700 <P>Same certs are exists 5 times. as we added certs 5 times via SAS Deployment Manger. I&nbsp;<SPAN>confirm the certificate's "Subject Alternative Names" contains an entry for the host serving the certificate.</SPAN></P> <P>&nbsp;</P> <P>Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6<BR />Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6<BR />Owner: CN=OISTE WISeKey Global Root GC CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH<BR />Issuer: CN=OISTE WISeKey Global Root GC CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH<BR />Owner: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Issuer: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Owner: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Issuer: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Owner: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Issuer: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Owner: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Issuer: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Owner: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR />Issuer: CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB<BR /><BR />I tried below step and&nbsp; it is added&nbsp; successfully by running below command.</P> <P>&nbsp;</P> <P>Certificate fingerprint (SHA1): E6:21:F3:35:43:79:15:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79<BR />CN=mid.com, OU=Data , O=company, L=XX, ST=XX, C=GB, Mar 5, 2025, trustedCertEntry,<BR /><BR /><SPAN>To verify that your CA root and intermediate certificates were successfully added, enter the following command:</SPAN></P> <DIV id="p11meyyul4ky6ln1ptuecdoippzf" class="xisDoc-note"><SPAN class="xisDoc-noteGenText">Note:<SPAN>&nbsp;</SPAN></SPAN>The name of the root CA certificate is rootca and the intermediate CA certificate is named intca.</DIV> <DIV class="xisDoc-codeSingleLineBlock"> <DIV class="CopyCode_copyCode__2RUVr"> <DIV class="CopyCode_svgContainer__2w2bZ CopyCode_show__1IfSg">&nbsp;</DIV> <DIV class="CopyCode_svgContainer__2w2bZ CopyCode_hide__3LcyA CopyCode_check__3pkU3">&nbsp;</DIV> <BR /> <DIV class="CopyCode_content__3D03n"> <PRE class="xisDoc-codeSingleLine"><CODE><EM class="xisDoc-userSuppliedValue">path-to-keytool-command</EM>/keytool -list -keystore /<EM class="xisDoc-userSuppliedValue">SAS-installation-directory</EM>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks</CODE></PRE> </DIV> </DIV> </DIV> Wed, 05 Mar 2025 12:07:09 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960935#M29700 sathya66 2025-03-05T12:07:09Z https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960979#M29702 You would only need the certificate in there once, you may want to remove the duplicates. Wed, 05 Mar 2025 19:04:22 GMT https://communities.sas.com/t5/Administration-and-Deployment/HTTP-Status-500-Internal-Server-Error/m-p/960979#M29702 gwootton 2025-03-05T19:04:22Z