ESMPROC fails with RC=0100, with message "java.io.IOException: Failed validating certificate paths" in the logs


Article ID: 125393


Updated On:

Products

CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu

Issue/Introduction

ESMPROC fails with CC=100 and the following error message in its logs:

12:31:53.581 .main. INFO org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ."http-nio-7100".
12:31:53.646 .main. INFO org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ."http-nio-7100".
12:31:54.300 .main. INFO com.ca.sslsocket.CASSLImplementation - keyStoreFile name is safkeyring://ESMSERV/MESMRING
12:31:54.552 .main. ERROR org.apache.coyote.http11.Http11NioProtocol - Failed to start end point associated with ProtocolHandler ."http-nio-7100". java.io.IOException: Failed validating certificate paths

ESMPROC is unable to validate the authenticity of the server certificate, so it fails to start and writes the IOException to its logs.

Cause

The signing certificate chain:

#1.  Cannot be found; or 
#2.  Is ambiguous 

in the keyring or cert stores being searched.  

Environment

Release:
Component: ESMRIM

Resolution

1.  (Cause #1) If you used your own signing certificate chain to generate the certificates for ESMPROC, all root and intermediary signing certificates must also be connected as CERTAUTHs to the keyring for ESMPROC (e.g. MESMRING).

2.  (Cause #1) If you used another trusted certificate to sign the server certificate, that certificate is unknown to the ESM and needs to be imported into the database and keyring.

3.  (Cause #2) This message is also issued if the keyring can satisfy the signing chain via more than one path.
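
The following is an added example, not code from the product or from this article: a small Python check that takes the label, subject DN and issuer DN of each certificate connected to the keyring and reports which of the two causes applies. It assumes the entries are transcribed by hand from a keyring listing, matches issuers to subjects by DN only (no signature verification), and uses constructed labels and DNs throughout.

```python
# Added example: classify a keyring's contents against cause #1 and cause #2.
# Each entry is (label, subject DN, issuer DN). All values are constructed
# sample data; matching is by DN only, which is a simplifying assumption.

def chain_paths(ring, server_label):
    """Return every issuer path from the server cert to a self-signed root."""
    by_subject = {}
    for entry in ring:
        by_subject.setdefault(entry[1], []).append(entry)
    start = next(e for e in ring if e[0] == server_label)
    paths = []

    def walk(entry, path):
        label, subject, issuer = entry
        path = path + [label]
        if subject == issuer:              # self-signed root ends the path
            paths.append(path)
            return
        for parent in by_subject.get(issuer, []):
            if parent[0] not in path:      # guard against issuer loops
                walk(parent, path)

    walk(start, [])
    return paths

def diagnose(ring, server_label):
    """Return (verdict, paths): 'cause1', 'cause2' or 'ok'."""
    paths = chain_paths(ring, server_label)
    if not paths:
        return "cause1", paths             # chain cannot be found
    if len(paths) > 1:
        return "cause2", paths             # chain is ambiguous
    return "ok", paths

# Constructed sample rings (hypothetical labels and DNs).
ROOT = "CN=Example Root CA"
INTER = "CN=Example Issuing CA"
SERVER = ("ESMSRV", "CN=esm.example.test", INTER)
RING_MISSING = [SERVER, ("ROOT", ROOT, ROOT)]                      # no intermediate
RING_OK = RING_MISSING + [("INTER", INTER, ROOT)]
RING_AMBIGUOUS = RING_OK + [("INTER-RENEWED", INTER, ROOT)]        # same DN twice

if __name__ == "__main__":
    for name, ring in [("missing", RING_MISSING), ("ok", RING_OK),
                       ("ambiguous", RING_AMBIGUOUS)]:
        verdict, paths = diagnose(ring, "ESMSRV")
        print(name, verdict, paths)
```

A "cause1" verdict points at resolution steps 1 and 2 (a signing certificate is not connected to the ring); "cause2" lists every competing path so the duplicate entry can be identified.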