Hi Ying Nang Zhang,

Is your problem resolved? I have a similar problem here.

I had the same problem (EC2 Amazon Linux server, using TWX 8.1 Docker PostgreSQL), and it was not a self-signed certificate. The following worked for me:

Stop ThingWorx:
$ docker stop twxfoundation

Go to https://www.target_address.com/ and click on lock icon to view SSL certificates

Open Certificate and view Certificate Path - download each certificate in that path (Details -> Copy to File). Use first export option (must be X.509 certificate)

Upload downloaded certificates to your ThingWorx server

Import certificates into Docker keystores into TWX server, use following for reference:
https://adamtuttle.codes/TIL-adding-a-jvm-ssl-cert-docker/
https://stackoverflow.com/questions/21076179/pkix-path-building-failed-and-unable-to-find-valid-certification-path-to-requ/36427118#36427118

Find keystores in your TWX server (in my case Docker keystores, with a path that included "/docker/overla2"):

$ sudo find / -iname 'cacerts'

Import each certificate into each keystore, for example (storepass is "changeit" by default):

$ sudo keytool -importcert -alias myApiCert -keystore "/data/docker/overlay2/blahblah123/diff/opt/jdk1.8.0_92/jre/lib/security/cacerts" -file my_api_cert.cer -noprompt -storepass changeit

Hi, 

I got this problem, while installing ThingWorx Navigate when connecting to Windchill,

I have solved it importing the Windchill signing certificate into Java Keystore.

Regards,

madhu

Hi there,
i had the same issue and as rajunall commented, you have to import the windchill certificate into the cacerts.
After doing so I run the tomcat configuration and in Java options you should add the following entry:

-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.8.0_92\jre\lib\security\cacerts
replace the cacerts path according to your installation

Hi Craig A.,with "java InstallCert externalserver:port",what the "port"should be?Thanks.