Error javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure When testing integration between Service Catalog and Service Desk Manager
Article ID: 127980
Updated On:
Products
Issue/Introduction
When testing connection from Service Catalog (no SSL) to Service Desk Manager (SSL):
ERROR [http-bio-8080-exec-5] [CPortal] Error occurred in getSDMClientURL: ; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
com.ca.usm.webservices.WebserviceException: ; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ca.usm.webservices.ServiceDeskWebserviceManager.login(ServiceDeskWebserviceManager.java:166)
at com.ca.usm.common.ContentEngine.CPortal.getSDMClientURL(CPortal.java:2201)
at sun.reflect.GeneratedMethodAccessor404.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.ca.usm.contentInterface.PluginMethod.invoke(DefaultContentEngine.java:172)
at com.ca.usm.contentInterface.DefaultContentEngine.invokeMethod(DefaultContentEngine.java:98)
at com.ca.usm.contentInterface.DefaultContentEngine.processRequest(DefaultContentEngine.java:57)
at com.ca.usm.contentInterface.DefaultContentEngine.processRequest(DefaultContentEngine.java:17)
at com.ca.usm.util.ViewManager.executeRequest(ViewManager.java:92)
at com.ca.usm.util.ViewManager.doRequest(ViewManager.java:51)
at com.ca.usm.util.ViewManager.processRequest(ViewManager.java:28)
at com.ca.usm.producer.DocumentGenerator.processRequest(DocumentGenerator.java:562)
at com.ca.usm.producer.DocumentGenerator.generateDocument(DocumentGenerator.java:269)
at com.ca.usm.producer.DocumentGenerator.generateDocument(DocumentGenerator.java:240)
at com.ca.usm.producer.DomProcessor.renderPage(DomProcessor.java:167)
at com.ca.usm.producer.DomProcessor.service(DomProcessor.java:119)
at com.ca.usm.producer.WPFServlet.service(WPFServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.ca.usm.system.ThreadLocalFilter.doFilter(ThreadLocalFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChai
Environment
Service Catalog 17.x and later
Service Desk Manager 17.x and later
Cause
Service Catalog does not know the Service Desk Manager certificates and Service Catalog cannot establish connection to SDM.
Resolution
1) Export the certificate(s):
a) Navigate to SDM via the browser and select 'Certificate' next to the URL
b) Select 'View certificates'
c) From the 'Details' tab select 'Copy to File...'
d) Select 'Base-64 encoded X.509 (.CER)' for the format
e) Specify a file name (i.e. c:\sdmcert1)
f) Repeat steps a to e for each certificate in the chain (root, intermediate, child)
2) Import the certificate into the Catalog JVMs trusted certificate store:
a) Copy the certificate exported in step 1 to the Catalog server (i.e. c:\sdmcert1.cer)
b) Open a Service Catalog Command Prompt
c) Change directory into C:\Program Files\CA\Service Catalog\embedded\jre8\lib\security
d) Create backup of the cacerts file and then run the following:
"C:\Program Files\CA\Service Catalog\jdk\bin\keytool.exe" -import -noprompt -trustcacerts -alias sdmcert1 -file c:\sdmcert1.cer -keystore cacerts -storepass changeit
In this case I specified an alias of 'sdmcert1' (you can specify an alias of your choice) and referenced the exported certificate (i.e. sdmcert1.cer).
The expected output of this command is as follows:
Certificate was added to keystore
e) Repeat the steps for each certificate in the chain. Remember to change alias for each one.
3) Restart Catalog. Repeat the steps for each Catalog node.
Feedback
