Problem Securing Execution Server

Article ID: 111831

Products

CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

I am unable to make the communication between the Management Server and the Execution Server secure.
While in ASAP, the following error is given after changing the port to 8443 and the protocol to https:
Could not access HTTP invoker remote service at [HTTPS://executionServerName:8443/execution/UpdateCommunicationService]; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

CA Release Automation Server 6.6.0.9640

Cause

An attempt was made to update conf/keyStore.jks with a custom certificate. This causes the Execution Server to fail while initializing at startup. An error like the following can be found in logs/nolio_exec_all.log:

<date> <time> <thread> ERROR <class> - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.support... .... .... .... 
 ... ...
 ... ... Invocation of init method failed; nested exception is java.lang.RuntimeException: java.security.UnrecoverableKeyException: Cannot recover key
 

Resolution

By default, the conf/keyStore.jks keystore file contains a single key whose alias is the same as the hostname of the machine where the keystore file is located. Remove the custom certificate entry that was added to the keystore, using the command:
<RAExecutionServerInstallDir>/jre/bin/keytool -delete -alias <alias of your custom key> -keystore conf/keyStore.jks
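
A check that fits the resolution above, as an added example and not code from the product or its documentation: it parses the output of keytool -list -v and prints every alias other than the expected host alias, so the keystore can be confirmed to hold only its default entry after the -delete. The function names, the host name raexec01 and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `keytool -list -v` output (read on stdin).

# Print "alias<TAB>entry type" for every keystore entry.
list_entries() {
    awk '
        /^Alias name: / { sub(/^Alias name: /, ""); sub(/\r$/, ""); alias = $0 }
        /^Entry type: / { sub(/^Entry type: /, ""); sub(/\r$/, "")
                          printf "%s\t%s\n", alias, $0 }
    '
}

# Print aliases that differ from the expected host alias ($1).
# JKS aliases are case-insensitive, so compare in lower case.
extra_aliases() {
    list_entries | awk -F '\t' -v host="$1" 'tolower($1) != tolower(host) { print $1 }'
}

# Constructed sample of `keytool -list -v` output (not from a real server).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: raexec01
Creation date: Jan 1, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1

*******************************************

Alias name: customcert
Creation date: Feb 2, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

# Real use, from the Execution Server install directory, after copying the file:
#   cp conf/keyStore.jks conf/keyStore.jks.bak
#   jre/bin/keytool -list -v -keystore conf/keyStore.jks | extra_aliases "$(hostname)"
# No output means only the host alias remains. If the alias was created from a
# different form of the host name (short vs. fully qualified), pass that form.
```

Any alias printed by extra_aliases is a candidate for the keytool -delete command above.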

 

Additional Information

Product Documentation: Secure Management Server to Execution Server Communication
KB Article: Configuring SSL for RA repository server
KB Article: Secure Communications With Signed Certificates