Hi,
We have an outbound REST API interface with a partner which has been running successfully since go-live a couple of years ago. It uses routing addresses but does a two-step process as we were unable to get it to work using the standard IFS authentication configuration. The first step gets an authentication token which is then stored and used by the other messages until it expires, at which point a new token is obtained. This means we have a specific routing address for the authentication token and other addresses for the functional messages.
Everything worked fine until our partner did a recent certificate update. The same cert applies to all their API end points. We started to get the following error when trying to obtain the authentication token:
ExecutionException from Sender thread
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I uploaded the new cert for the authentication routing address and the functional routing addresses, even though we did not need to do that before. The authentication call now works (it uses a synchronous call to Plsql_Rest_Sender_API.Call_Rest_EndPoint3) but the functional calls still gives the same error (it uses an asynch call Plsql_Rest_Sender_API.Call_Rest_EndPoint_Json).
Does anyone know of any differences in the ways the calls are made that would mean the authentication call now works when the other one doesn’t?
I did see a community post regarding TLS changes and understand that although deprecated for several years TLS 1.0 was finally completely blocked by Microsoft in October 2025. This made me wonder if this had something to do with the error happening for a new certificate issued since then. We are using IFS Cloud.
Has anyone had similar experiences in this area and any suggestions on what else we may need to do to get our REST API working again?
Any assistance much appreciated!
MMck