
User1648650736165890981 (Customer) asked a question.
I'm attempting to install this agent so that I can establish MFA on a firewall appliance. I think I need to be able to update the keystore with my organizational ca certificates. However, this gets run via "sudo dpkg" so I'm not sure how to address this:
sudo dpkg -i OktaRadiusAgentSetup-2.17.4.deb
(Reading database ... 127203 files and directories currently installed.)
Preparing to unpack OktaRadiusAgentSetup-2.17.4.deb ...
INFO: Group 'OktaRadiusService' already exists
INFO: User 'OktaRadiusService' already exists
INFO: User 'OktaRadiusService' already part of Group 'OktaRadiusService'
Unpacking ragent (2.17.4) over (2.17.4) ...
Setting up ragent (2.17.4) ...
========================================================================
Welcome to the Okta RADIUS Agent configuration script.
This needs to be run once to populate required application settings.
========================================================================
Enter the base URL for your Okta organization (e.g. https://acme.okta.com): https://dev-???????.okta.com/
Use proxy server (Choose 'No' to use direct connection) Yes/[No] :
2022-05-13 14:11:16 UTC [gputest, main] : WARN - org.apache log level is INFO, setting to WARN
2022-05-13 14:11:16 UTC [gputest, main] : WARN - org.apache.http.headers log level is WARN, setting to WARN
2022-05-13 14:11:16 UTC [gputest, main] : WARN - org.apache.http.wire log level is WARN, setting to WARN
2022-05-13 14:11:16 UTC [gputest, main] : WARN - httpclient.wire log level is INFO, setting to WARN
2022-05-13 14:11:16 UTC [gputest, main] : INFO - Configuring settings...
2022-05-13 14:11:17 UTC [gputest, main] : ERROR - Failed to save properties
com.okta.agent.AgentRuntimeException: Unable to parse Okta response
at com.okta.agent.api.http.RestClient.makeRequest(RestClient.java:486) ~[okta-agent.base-03.27.00-b8a9d43.jar:?]
at com.okta.agent.api.http.RestClient.getOAuthCodes(RestClient.java:261) ~[okta-agent.base-03.27.00-b8a9d43.jar:?]
at com.okta.ragent.util.ValidatorUtil.validateCmdArgs(ValidatorUtil.java:174) ~[OKTARadiusAgent.jar:?]
at com.okta.ragent.app.Agent.main(Agent.java:32) [OKTARadiusAgent.jar:?]
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
....
dpkg: error processing package ragent (--install):
installed ragent package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
ragent

I wrote this question. How did Okta authentication screw up and assign authorship to Florian?
Does anyone have suggestions on how to resolve this issue with the Agent?
Hi! Thanks for taking the time to reach out to the Okta Community!
I haven't been able to track down any reported issues that are mentioning an implementation exactly like yours, but whenever dealing with "sun.security.validator.ValidatorException: PKIX path building failed" , most of the times the issue was with the certificates being used.
If you're using custom certs, my advice would be to test the default implementation first to see if that works, just to rule out any generic installation issues. If that works, double-check your cert validity then remove the default install and retry the custom one.
Hope it helps!