Problem: Invalid certificate error: javax.net.ssl.SSLHandshakeException
If you receive this error: "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", perform the following steps:
- Log on to OWA using http://host/exchange/user.
- An invalid certificate message will be shown.
- Click on the Invalid Certificate button and press View Certificate.
- Go to the Details tab.
- Select Copy to File at the bottom. The Export wizard will appear.
- Select the first option, DER-encoded binary.
- Save to C:\.
  Important: The certificate CN name must be the fully qualified domain name (i.e. server.domain.ext) of the Exchange server.
- Import the certificate that was saved in step 7 into the JRE certificate keystore in %JAVA_HOME%\jre\lib\security\cacerts.
  For JBoss:
  %JAVA_HOME%\jre\bin\keytool -import -trustcacerts -alias server_name -file certificate.cer -keystore dir\cacerts -storepass changeit
  For WebSphere:
  %WAS_HOME%\java\jre\bin\keytool -import -trustcacerts -alias server_name -file certificate.cer -keystore dir\cacerts -storepass changeit
  Important: server_name for the -alias parameter can be any arbitrary name used to reference this certificate from the cacerts file. certificate.cer should be the full path to the certificate file. The -keystore path dir\cacerts is %JAVA_HOME%\jre\lib\security\cacerts for JBoss and %WAS_HOME%\java\jre\lib\security\cacerts for WebSphere.
  Debug the certificate handling by specifying the system property javax.net.debug=true in the server Process Definition/JVM Custom Properties.
- Verify the import was successful by running the following command:
  keytool -list -alias server_name -keystore dir\cacerts -storepass changeit
- If using WebSphere, the certificate file must be added to the WebSphere truststore using the WAS Admin Console.
- Restart the application server.
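
The following added example (not part of the original page) checks the exported file against the steps above: it confirms the certificate is within its validity period, compares its CN with the Exchange server's FQDN, prints the SHA-256 fingerprint so it can be compared with the certificate installed on the Exchange server, and confirms that the alias in cacerts holds the same certificate. The class name CheckExportedCert and the argument order are assumptions made for this example; the store password is the changeit value used in the commands above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example; CheckExportedCert is a hypothetical helper, not a vendor tool.
// Usage: java CheckExportedCert <certificate.cer> <exchange-fqdn> <path-to-cacerts> <alias>
public class CheckExportedCert {

    // SHA-256 fingerprint of the DER encoding, in colon-separated hex as keytool prints it.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // First CN attribute of the subject DN, or null if the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject CN : " + commonName(cert));
        System.out.println("SHA-256    : " + fingerprint(cert));
        System.out.println("CN matches : " + args[1].equalsIgnoreCase(commonName(cert)));

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[2])) {
            ks.load(in, "changeit".toCharArray()); // store password used on this page
        }
        // false if the alias is missing or holds a different certificate
        System.out.println("In cacerts : " + cert.equals(ks.getCertificate(args[3])));
    }
}
```

Run it once before the import to review the CN and fingerprint, and again afterwards to confirm the alias entry matches the exported file.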