Unable to register Template
Problem
ERROR: Unable to register template when register from HTTPS
I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Root Cause
JAVA is not able to validate destination SSL cert.
- Keystore cert file was not available in SSVM. (/etc/ssl/certs/cert_apache_chain.crt)
- Global settings for "consoleproxy.url.domain" and "secstorage.encrypt.copy" value not correctly set.
Resolution/Workaround
- Upload SSL cert for the running environment.
- Add Values to "consoleproxy.url.domain", "secstorage.encrypt.copy" and "secstorage.ssl.cert.domain"
- Restart or recreate SSVM if needed
Now, the certificate will be pushed to SSVM and JAVA can validate this cert against destination SSL for the handshake.
Verification
We can verify as below (SSVM).
Step 1. Login into DB
Step 2. run (select * from keystore\G) [note down result]
Step 3: Log in to SSVM
Step 4: Open file (/etc/ssl/certs/cert_apache_chain.crt)
Step 5: Compare Step 2 and Step 4
Step 6: Script (/usr/local/cloud/systemvm/config_ssl.sh) will push certificates so, those logs will be available in cloud.log
We can verify as below (CPVM).
Step 1. Login into DB
Step 2. run (select * from keystore\G) [note down result]
Step 3: Log in to CPVM
Step 4: Open file (/etc/ssl/certs/ca-certificates.crt) (One of the certificates will be present here)
Step 5: Compare Step 2 and Step 4
Document ID:
360041797192
Product:
RoviusCP
Version:
4.11.0
Operating System:
Linux
Comments