Unable to register Template
Problem
ERROR: Unable to register template when register from HTTPS
I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Root Cause
JAVA is not able to validate destination SSL cert.
- Keystore cert file was not available in SSVM. (/etc/ssl/certs/cert_apache_chain.crt)
- Modified Global setting "consoleproxy.url.domain" (Domain name) and "secstorage.encrypt.copy" (true) value.
- Recreated SSVM
Resolution/Workaround
- Upload SSL cert for the running environment.
- Added Values into "consoleproxy.url.domain", "secstorage.encrypt.copy", "secstorage.ssl.cert.domain"
- Restart or recreate SSVM if needed
Now, the certificate will be pushed to SSVM so, JAVA can validate this cert against destination SSL for the handshake.
Verification
We can verify as below.
Step 1. Login into DB
Step 2. run (select * from keystore\G) [note down result]
Step 3: Log in to SSVM
Step 4: Open file (/etc/ssl/certs/cert_apache_chain.crt)
Step 5: Compare Step 2 and Step 4
Step 6: Script (/usr/local/cloud/systemvm/config_ssl.sh) will push certificates so, those logs will be available in cloud.log
Document ID:
360041797192
Product:
RoviusCP
Version:
4.11.0
Operating System:
Linux
コメント