CA Release Automation - Release Operations Center (Nolio)CA Release Automation - DataManagement Server (Nolio)
Issue/Introduction
I am unable to make the communication between Management server and execution server secure. While in ASAP the following error is given after changing the port to 8443 and protocol to https: Could not access HTTP invoker remote service at [HTTPS://executionServerName:8443/execution/UpdateCommunicationService]; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Environment
CA Release Automation Server 6.6.0.9640
Cause
An attempt was made to update the conf/keyStore.jks with a custom certificate. This causes problems while initializing the startup of the Execution Server. An error like the following can be found in the logs/nolio_exec_all.log:
<date> <time> <thread> ERROR <class> - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.support... .... .... .... ... ... ... ... Invocation of init method failed; nested exception is java.lang.RuntimeException: java.security.UnrecoverableKeyException: Cannot recover key
Resolution
By default, the conf/keyStore.jks keystore file has a single key that has an alias that is the same as the hostname where the keystore file is located. Remove the custom certificate that had been attempted to be added using the command: <RAExecutionServerInstallDir>/jre/bin/keytool -delete -alias <alias of your custom key> -keystore conf/keyStore.jks