UIM 9.2.0 Upgrade Prep SQL SSL Error
search cancel

UIM 9.2.0 Upgrade Prep SQL SSL Error

book

Article ID: 136200

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

I'm attempting to upgrade from UIM 9.0.2 to 9.2.0 and am receiving the following SQL SSL Error at the very beginning of the upgrade.


The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty". 



Environment

Release : 9.0.2

Component : UNIFIED INFRASTRUCTURE MGMT

TLS 1.2

MSSQL

Cause

This is the result of TLS 1.2 configuration in data_engine where the "Always Trust Server Certificate" option has been used and a Java Keystore has not been created.



Resolution

Follow these steps:


On the primary hub:


Open the Microsoft Management Console (MMC).

Click File, Add/Remove Snap-in.

Click Certificates.

Click Add.

Select Computer account.

Click Next.

Select the local computer option.

Click Finish.

Click OK.

Now, expand Certificates (Local Computer)->Trusted Certificate Authorities->Certificates.

Locate the certificate which corresponds to your SQL database server.  (This would have been created when you set up TLS 1.2 in UIM to begin with. If it is not present, consult your DBA to request a server certificate for the SQL Server.)

Right-click the certificate and select All Tasks, Export...


Click Next on the Certificate Export Wizard.


Follow the required selections for Base-64 encoded X.509 (.CER) and specify the location where you want to save the exported file. (Anywhere on the primary hub is fine... e.g. d:\my_cert.cer)



Once you have the .CER file exported you will need to create a Java Keystore containing this certificate.


In the following example we will assume the .CER file has been saved to D:\my_cert.cer and that we want to create a keystore called D:\keystore.jks


Follow these steps:


On the primary hub, open a command prompt.


navigate to (UIM Installation folder)\Nimsoft\jre\jre8u102\bin\


run the following command:


keytool -import -alias <full_sqlserver_name> -file <certificate_file> -keystore <jks_filename> -storepass <password>


example:


keytool -import -alias SQLSERVER.MYDOMAIN.COM -file D:\my_cert.cer -keystore D:\keystore.jks -storepass Abc@123



MAKE NOTE OF THE PASSWORD CHOSEN HERE (eg. Abc@123)! You will need it later.


Enter yes when prompted whether you want to trust the certificate.



The .jks file is created. (e.g. D:\keystore.jks)



Now, open the data_engine GUI in Infrastructure Manager.


Go to the "Database" tab.


For "Data Source", make sure you have specified the SQL server's FQDN here. (e.g. Enter SQLSERVER.MYDOMAIN.COM)


Uncheck the box marked "Always Trust Server Certificate" near the bottom.


Click "Browse" next to the Trust Store File window, and navigate to the keystore we created (e.g. d:\keystore.jks) and click OK.


Enter the password created in the previous step for the keystore password (e.g. Abc@123) and click OK.


The data_engine will restart. Check to make sure there are no errors in the logs or problems restarting.


You should also now see a file called truststore.jks in the (UIM Installation Folder)\Nimsoft\security\ folder.


Once the data_engine has restarted and the truststore.jks file is present you will be able to perform the 9.2.0 upgrade successfully.


Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/installing/pre-installation-planning/install-and-configure-your-database-software/microsoft-sql-server/support-for-tls-v1-2-microsoft-sql-server.html

Powered by Wolken Software