Identity Manager Bulk Load client SSL issue after upgrade
search cancel

Identity Manager Bulk Load client SSL issue after upgrade

book

Article ID: 139817

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

The customer upgraded IM Bulk Load client from 12.6.8 to 14.3.

Bulk Load client is configured to communicate with Identity Manager Server over SSL.

After an upgrade the Bulk Load client cannot utilise SSL connection:

D:\Program Files (x86)\appl\CA\Identity Manager\Bulk Loader\bin>imbulkloadclient.bat -f CSV -i bltest.csv -b 200

IM Bulk Loader invoked ...

deobfuscateWSSPassword set to true!

Loaded configuration options from properties file: ../conf/imbulkloadclient.properties

Input file name: bltest.csv

Input file format: CSV

Transformation of input file finished successfully

Server URL: https://<servername>.<domain.>.com/iam/im/TEWS6/aep

Submitting records in batches of size: 200

WARN  16-10 18:14:37,742 - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.

Failed to submit data to server: ; nested exception is:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

D:\Program Files (x86)\appl\CA\Identity Manager\Bulk Loader\bin>

 

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager) Bulk Load

Resolution

Bulk Load client needs to trust Identity Manager certificate. After an upgrade from 12.6.8 to 14.3 the IM certificate needs to be imported into Bulk loader keystore. 


Follow these steps:


1. Import the CA Identity Manager certificate file to the Bulk Load Client keystore from the host where the Bulk Load Client is installed. Use the Java keytool utility to create a keystore and import the server certificate as a trusted certificate.


keytool -import -alias imserver -file <your_server_cert_file> -keystore %HOMEDRIVE%%HOMEPATH%\.imbulkloaderkeystore 


2. Edit the imbulkloadclient.bat file or the imbulkloadclient.sh file to set TRUSTSTORE_PASSWORD to the value you entered in the previous step.

Additional Information

Here's related document:


https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-management-and-governance-connectors/1-0/bulk-load-client/authenticating-to-the-ca-identity-manager-server.html

Powered by Wolken Software