Unable to register Template

Problem

ERROR: Unable to register template when register from HTTPS

I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Root Cause

JAVA is not able to validate destination SSL cert. 

- Keystore cert file was not available in SSVM. (/etc/ssl/certs/cert_apache_chain.crt)
- Global settings for "consoleproxy.url.domain" and "secstorage.encrypt.copy" value not correctly set.

Resolution/Workaround

- Upload SSL cert for the running environment.

- Add Values to "consoleproxy.url.domain", "secstorage.encrypt.copy" and "secstorage.ssl.cert.domain"

- Restart or recreate SSVM if needed


Now, the certificate will be pushed to SSVM and JAVA can validate this cert against destination SSL for the handshake.

Verification

We can verify as below (SSVM).

Step 1. Login into DB

Step 2. run (select * from keystore\G) [note down result]

Step 3: Log in to SSVM

Step 4: Open file (/etc/ssl/certs/cert_apache_chain.crt

Step 5: Compare Step 2 and Step 4 

Step 6: Script (/usr/local/cloud/systemvm/config_ssl.sh) will push certificates so, those logs will be available in cloud.log 


We can verify as below (CPVM).

Step 1. Login into DB

Step 2. run (select * from keystore\G) [note down result]

Step 3: Log in to CPVM

Step 4: Open file (/etc/ssl/certs/ca-certificates.crt) (One of the certificates will be present here)

Step 5: Compare Step 2 and Step 4

Document ID:
360041797192

Product:
RoviusCP

Version:
4.11.0

Operating System:
Linux

Zendesk Ticket ID:
71806

 

Comments