ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Problem Securing Execution Server
book
Article ID: 111831
calendar_today
Updated On:
Products
CA Release Automation - Release Operations Center (Nolio)CA Release Automation - DataManagement Server (Nolio)
Issue/Introduction
I am unable to make the communication between Management server and execution server secure. While in ASAP the following error is given after changing the port to 8443 and protocol to https: Could not access HTTP invoker remote service at [HTTPS://executionServerName:8443/execution/UpdateCommunicationService]; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Cause
An attempt was made to update the conf/keyStore.jks with a custom certificate. This causes problems while initializing the startup of the Execution Server. An error like the following can be found in the logs/nolio_exec_all.log:
<date> <time> <thread> ERROR <class> - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.support... .... .... .... ... ... ... ... Invocation of init method failed; nested exception is java.lang.RuntimeException: java.security.UnrecoverableKeyException: Cannot recover key
Environment
CA Release Automation Server 6.6.0.9640
Resolution
By default, the conf/keyStore.jks keystore file has a single key that has an alias that is the same as the hostname where the keystore file is located. Remove the custom certificate that had been attempted to be added using the command: <RAExecutionServerInstallDir>/jre/bin/keytool -delete -alias <alias of your custom key> -keystore conf/keyStore.jks