Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or portal is not running

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

ERROR: Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or the portal is not running.

The restutil log will have an exception listed:

INFO: Using TDM Portal at (specified via CMD LINE) https://tdmportal.sub.ca.com:8443
INFO: Publishing job 1234
ERROR: Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or the portal is not running.
INFO: PublishException caught at top-level:
com.ca.tdm.restutil.PublishException: Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or the portal is not running.
    at com.ca.tdm.restutil.Api.exchange(Api.java:249)
    at com.ca.tdm.restutil.Api.login(Api.java:103)
    at com.ca.tdm.restutil.Api.login(Api.java:72)
    at com.ca.tdm.restutil.ActionPublish.perform(ActionPublish.java:84)
    at com.ca.tdm.restutil.Cli.runImplementation(Cli.java:139)
    at com.ca.tdm.restutil.Cli.run(Cli.java:89)
    at com.ca.tdm.restutil.Application.main(Application.java:28)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:54)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:104)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:61)
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52)
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://tdmportal.sub.ca.com:8443/TestDataManager/user/login": 
java.security.cert.CertificateException: No subject alternative DNS name matching tdmportal.sub.ca.com found.; 
nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative DNS name matching tdmportal.sub.ca.com found.
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:572)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:534)
    at com.ca.tdm.restutil.Api.exchange(Api.java:240)
    ... 14 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching tdmportal.sub.ca.com found.
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
    at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:80)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:596)
    ... 17 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching tdmportal.sub.ca.com found.
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1019)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 31 common frames omitted

Environment

TDM
Test Data Manager
Portal
Datamaker

Cause

There are two likely causes for this problem:
The wrong FQDN could be specified within the repo for the TDM Portal's location.
OR
The certificate is configured to accept requests via the hostname specified - for example a FQDN that uses a sub-domain.

Resolution

First, make sure that the correct hostname/FQDN is used in the publish action by validating the configuration within the gtrep:

select url from gtrep_service_status where service_name = 'tdmpublish';

If this is incorrect, update it accordingly:

update gtrep_service_status set url = 'https://[FQDN]:[PORT]' where service_name = 'tdmpublish'

If this isn't the problem, or doesn't resolve the problem, it's likely that the certificate doesn't contain the proper "Subject Alternative Name" (SAN) for the hostname/FQDN being used.
If this is the case, then the certificate will need to be recreated.

Example of how to include additional Subject Alternative Name(s) for a Self-Signed Certificate:

The "alias" used in this example is "TDMPORTAL". This is also being used as the hostname.
The alias can be anything that is unique to the keystore and doesn't have to be the hostname.

Stop the "CA Test Data Manager Portal" service
Open a command prompt

Add JRE\bin to the PATH:

set PATH=%PATH%;C:\Program Files\CA\CA Test Data Manager Portal\jre\bin

cd C:\Program Files\CA\CA Test Data Manager Portal\conf

Generate a new cert:

keytool -genkey -alias "TDMPORTAL" -keyalg RSA -keystore ".newkeystore" -ext san=dns:localhost,dns:TDMPORTAL,dns:TDMPORTAL.sub.ca.com,dns:TDMPORTAL.ca.com

Validate the cert with the configured SAN's:

keytool -list -v -keystore .newkeystore -alias TDMPORTAL

cd C:\Program Files\CA\CA Test Data Manager Portal\service\bin
EncryptionUtil.bat -p
1. Provide the same password used for the keystore when the cert was generated in step 5

pen C:\Program Files\CA\CA Test Data Manager Portal\conf\application.properties and modify the tdmweb.key* values accordingly:

tdmweb.keystorePath=C:/Program Files/CA/CA Test Data Manager Portal/conf/.keystore
tdmweb.keystorePassword=[encrypted password returned from step 8, including {cry} prefix]
tdmweb.keyAlias="TDMPORTAL"

Save the application.properties
Restart the "CA Test Data Manager Portal" service

Additional Information

The default password for most Java Keystores is "changeit" - this is not seen as secure and should be avoided accordingly when generating your own keystore.
Be sure to save the password in a known location where it will be accessible if needed.

Refer to the following documentation:
Create and Implement a Self-Signed Certificate

Use a Certificate from a Third-Party Certificate Authority

If using a Third-Party CA, please check with the CA on the requirements for including additional Subject Alternate Names within the Certificate Signing Request (CSR).