• 24 June 2022
  • 7 replies

Badge +1

Hi Folks 

I was reviewing this thread:



which seems to be precisely the same issue I am running into.  I’ve searched through my registry but could not find the appropriate key, so I created it, although I must not have created it in the right spot, I’ve made some other error, OR this is no longer the way to solve the issue.  

I have tried both here:
HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\WFEngine

And here:

I created the key and dword value (ValidateSSL=0) in both locations, tried restarting the workflow engine and also tried restarting the whole machine, but I still have had no luck.

Any Tips or suggestions?

Is there any way to read the environment to confirm the key was set and the workflow engine has confirmed the setting?

My error is still:

PKIX path building failed: unable to find valid certification path to requested target<br>Source: demo-ad, Process: Workflow




Best answer by djmanning 6 July 2022, 16:53

View original

7 replies

Badge +1

Version is: 

I’m on a trial/eval. 

And I used the web Workflow client, if that makes a difference.


Userlevel 7
Badge +23

@christopherlecky , do you recall exactly how you added the key (the referenced thread was yours)?


Userlevel 5
Badge +16

I applied it via a group, but I admit I never checked to see if the registry key was actually created.

Once it was applied the error I was getting changed so my assumption was that it worked.

I’ll check on my WF engine box now and let you know if the registry key actually exists.

Badge +1

Hello - I opened a case with commvault and found that the ValidateSSL “isn’t valid anymore’ and suggested importing ‘the Self signed certificate into JAVA KeyStore’.


I will be trying this out.

Userlevel 7
Badge +23

@djmanning , can you share the case number so I can track it?

Badge +1

HI - The incident number is 220626-130

Badge +1

tldr, mark solved high level procedure1
1. Follow procedure to import self signed cert into the host keystore
2. Make sure the host can resolve the name in the cert, and your requests use the target host name.

Thanks for your attention!


Just to let you know that the issue was resolved by following the procedure above

I had an additional issue where the self-cert issued was not fully qualified, and was not resolvable by the Commvault host OS.  I was able to work around this by modifying the local OS host file (was windows, so win/sys32/drivers/etc/host → just remember to modify this file as an administrator).

I was able to send through the httpclient using https to the server with a self signed certs once this completed