Clickatell SSL API
You may receive the following error when you try to send SMS using the Clickatell SSL API.
"PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path."
It actually means that the top(or intermediate) CA of the Clickatell SSL certificate is not trusted by your DualShield or DUAP server.
You can work it around in one of the following ways.
1. Change to HTTP
Find https://api.clickatell.com/http/sendmsg in the file clickatell.xml, change it to http://api.clickatell.com/http/sendmsg
In DualShield(V5x), this file is located in C:\Program Files\Deepnet DualShield\smsproviders
In DUAP (V3x), it is located in C:\Program Files\Deepnet Authentication Server\Tomcat\conf\dgs
2. Import the related CA certificate to Deepnet JAVA CA store.
In Browser, type the url "https://api.clickatell.com", view the certificate.
Then, select the intermediate one "thawte Primary Root CA", View this certificate and go to the tab "Details"
Then Copy it to File, choose BASE64 format
Assume the saved certificate file is called tprca.cer, in Windows Prompt, execute the following command
On DualShield
"C:\Program Files\Deepnet DualShield\jre\bin\keytool" -import -trustcacerts -alias "thawte pr" -file tprca.cer -keystore "C:\Program Files\Deepnet DualShield\jre\lib\security\cacerts"
On DUAP
"C:\Program Files\Deepnet Authentication Server\jre\bin\keytool" -import -trustcacerts -alias "thawte pr" -file tprca.cer -keystore " C:\Program Files\Deepnet Authentication Server\jre\lib\security\cacerts"
type "changeit" if you are asked for password. You should see the response " Certificate was added to keystore" if you do it correctly.
You may need to restart your DualShield or DUAP service for it to take effect.