Unable to register Template

Problem

ERROR: Unable to register template when register from HTTPS

I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Root Cause

JAVA is not able to validate destination SSL cert. 

- Keystore cert file was not available in SSVM. (/etc/ssl/certs/cert_apache_chain.crt)
- Modified Global setting "consoleproxy.url.domain" (Domain name) and "secstorage.encrypt.copy" (true) value.
- Recreated SSVM

Resolution/Workaround

- Upload SSL cert for the running environment.

- Added Values into "consoleproxy.url.domain", "secstorage.encrypt.copy", "secstorage.ssl.cert.domain"

- Restart or recreate SSVM if needed


Now, the certificate will be pushed to SSVM so, JAVA can validate this cert against destination SSL for the handshake.

Verification

We can verify as below.

Step 1. Login into DB

Step 2. run (select * from keystore\G) [note down result]

Step 3: Log in to SSVM

Step 4: Open file (/etc/ssl/certs/cert_apache_chain.crt

Step 5: Compare Step 2 and Step 4 

Step 6: Script (/usr/local/cloud/systemvm/config_ssl.sh) will push certificates so, those logs will be available in cloud.log 

Document ID:
360041797192

Product:
RoviusCP

Version:
4.11.0

Operating System:
Linux

Zendesk Ticket ID:
71806

 
この記事は役に立ちましたか?
0人中0人がこの記事が役に立ったと言っています

コメント