CA WA Agent: FTPS (FTP over SSL) java.security.cert.CertificateException: signature verification failed
search cancel

CA WA Agent: FTPS (FTP over SSL) java.security.cert.CertificateException: signature verification failed

book

Article ID: 130253

calendar_today

Updated On:

Products

DSERIES- SERVER CA Workload Automation DE - System Agent (dSeries)

Issue/Introduction

When executing an FTPS (FTP over SSL) job on CA WA Agent, the agent gets this error:
  
234 AUTH command ok. Expecting TLS Negotiation.
Certificate [1] issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA .......
java.security.cert.CertificateException: signature verification failed - 
Certificate issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, 
L=xxxxxx, ST=Greater Manchester, C=GB is not in the client keystore.

Environment

CA WA Agent 11.3 / 11.4
OS: Any

Cause

The CA WA Agent does not recognize the certificate presented by the FTPS server.  The certificate needs to be added to the WA Agent's client keystore.

Resolution

The CA WA Agent can add the certificates that are not in the keystore.  In the agentparm.txt add this and restart the agent. 
ftp.client.ssl.accept_new_ca=true

Additional Information

Note: The above setting will allow the WA Agent to add any new certificates it gets.  The above setting may be temporarily set to allow the agent to add the certificate from known hosts.  It can then be turned off or set to 'false', once all the required certificates have been added.
Powered by Wolken Software