Error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure" When testing integration between Service Catalog and Service Desk Manager

book

Article ID: 127980

calendar_today

Updated On:

Products

CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

When testing connection from Service Catalog (no SSL) to Service Desk Manager (SSL):

ERROR [http-bio-8080-exec-5] [CPortal] Error occurred in getSDMClientURL: ; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
com.ca.usm.webservices.WebserviceException: ; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ca.usm.webservices.ServiceDeskWebserviceManager.login(ServiceDeskWebserviceManager.java:166)
at com.ca.usm.common.ContentEngine.CPortal.getSDMClientURL(CPortal.java:2201)
at sun.reflect.GeneratedMethodAccessor404.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.ca.usm.contentInterface.PluginMethod.invoke(DefaultContentEngine.java:172)
at com.ca.usm.contentInterface.DefaultContentEngine.invokeMethod(DefaultContentEngine.java:98)
at com.ca.usm.contentInterface.DefaultContentEngine.processRequest(DefaultContentEngine.java:57)
at com.ca.usm.contentInterface.DefaultContentEngine.processRequest(DefaultContentEngine.java:17)
at com.ca.usm.util.ViewManager.executeRequest(ViewManager.java:92)
at com.ca.usm.util.ViewManager.doRequest(ViewManager.java:51)
at com.ca.usm.util.ViewManager.processRequest(ViewManager.java:28)
at com.ca.usm.producer.DocumentGenerator.processRequest(DocumentGenerator.java:562)
at com.ca.usm.producer.DocumentGenerator.generateDocument(DocumentGenerator.java:269)
at com.ca.usm.producer.DocumentGenerator.generateDocument(DocumentGenerator.java:240)
at com.ca.usm.producer.DomProcessor.renderPage(DomProcessor.java:167)
at com.ca.usm.producer.DomProcessor.service(DomProcessor.java:119)
at com.ca.usm.producer.WPFServlet.service(WPFServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.ca.usm.system.ThreadLocalFilter.doFilter(ThreadLocalFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChai

Cause

Service Catalog does not know the Service Desk Manager certificates so Service Catalog cannot establish connection to SDM.

Environment

Service Catalog 14.1 and later
Service Desk Manager 14.1 and later

Resolution

1) Export the certificate(s):

a) Navigate to SDM via the browser and select 'Certificate' next to the URL
b) Select 'View certificates'
c) From the 'Details' tab select 'Copy to File...'
d) Select 'Base-64 encoded X.509 (.CER)' for the format
e) Specify a file name (i.e. c:\sdmcert1)
f) Repeat steps a to e for each certificate in the chain (root, intermediate, child)

2) Import the certificate into the Catalog 14.1 JVMs trusted certificate store:

a) Copy the certificate exported in step 1 to the Catalog server (i.e. c:\sdmcert1.cer)
b) Open a Service Catalog Command Prompt
c) Change directory into C:\Program Files\CA\Service Catalog\embedded\jre8\lib\security
d) Create backup of the cacerts file and then run the following:

"C:\Program Files\CA\Service Catalog\jre\bin\keytool.exe" -import -noprompt -trustcacerts -alias sdmcert1 -file c:\sdmcert1.cer -keystore cacerts -storepass changeit

In this case I specified an alias of 'sdmcert1' (you can specify an alias of your choice) and referenced the exported certificate (i.e. sdmcert1.cer).

The expected output of this command is as follows:

Certificate was added to keystore

e) Repeat the steps for each certificate in the chain. Remember to change alias for each one.

3) Restart Catalog. Repeat the steps for each Catalog node.