Unable to validate certificate error on EM/Webview startup


Article ID: 140605


Products

CA Application Performance Management Agent (APM / Wily / Introscope), CA Application Performance Management (APM / Wily / Introscope), INTROSCOPE

Issue/Introduction

The MOM and collectors were upgraded to 10.7.0 and SP3, but after the MOM upgrade to SP3 the MOM does not start. It throws the following error:

 [ERROR] [main] [Manager.EMWebServer] The EM Webstart service could not be started :Unable to validate certificate: the trustAnchors parameter must be non-empty

 

 

Cause

Missing configuration value in em-jetty-config.xml 

Environment

Release : 10.7.0

Component : APM Agents

Resolution

The section "Jetty Configuration Options for SSL" of the documentation at https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/administrating/configure-enterprise-manager/configure-enterprise-manager-communications.html explains that if ValidateCertificates is true, then:

Modify em-jetty-config.xml and enable the appropriate validation methods. This means that either both of the following settings, or the appropriate one of them, must be enabled:



<Set name="enableCRLDP">true</Set> - the validation uses the Certificate Revocation List file URL that is specified as an extension of the X.509 certificate.

<Set name="enableOCSP">true</Set> - the validation uses an OCSP responder. The OCSP responder URL can also be specified in the X.509 certificate as an extension. If the certificate does not define the OCSP responder URL, it can be specified with <Set name="ocspResponderURL">http://example.com/ocsp</Set>.
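
A small check for the condition described above, as an added example that is not part of the original article or the product: it reads the <Set> values from a Jetty XML file and reports when validation is on but neither validation method is enabled. The sample XML is constructed, and treating validateCerts (the Jetty 9.4 SslContextFactory property name) as equivalent to the article's ValidateCertificates is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real em-jetty-config.xml: validation is on,
# but neither revocation-checking method is enabled.
SAMPLE_BROKEN = """<Configure>
  <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="validateCerts">true</Set>
    <Set name="enableCRLDP">false</Set>
  </New>
</Configure>"""

# Same constructed sample with one validation method enabled.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    '<Set name="enableCRLDP">false</Set>',
    '<Set name="enableOCSP">true</Set>')

# Assumption: the validation switch appears under one of these names.
VALIDATE_NAMES = {"validatecertificates", "validatecerts"}


def read_settings(xml_text):
    """Collect every <Set name="...">value</Set> into a lowercase-keyed dict."""
    root = ET.fromstring(xml_text)
    return {el.get("name", "").lower(): (el.text or "").strip()
            for el in root.iter("Set")}


def check_validation(xml_text):
    """Return a list of findings; an empty list means the settings agree."""
    s = read_settings(xml_text)
    on = lambda key: s.get(key, "").lower() == "true"
    findings = []
    if not any(on(n) for n in VALIDATE_NAMES):
        return findings  # validation is off, so no method is required
    if not (on("enablecrldp") or on("enableocsp")):
        findings.append("certificate validation is true but neither "
                        "enableCRLDP nor enableOCSP is true")
    if s.get("ocspresponderurl") and not on("enableocsp"):
        findings.append("ocspResponderURL is set but enableOCSP is not true")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, check_validation(xml_text) or "ok")
```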



For more information, see Jetty 9.4 SslContextFactory class documentation.