Workload Automation Agent: FTPS job failed with error "performLogin failed"

book

Article ID: 145078

calendar_today

Updated On:

Products

CA Workload Automation DE - Business Agents (dSeries) CA Workload Automation DE DSERIES- SERVER CA Workload Automation DE - System Agent (dSeries) CA Workload Automation DE - Scheduler (dSeries)

Issue/Introduction

An FTP/FTPS job failing with a message "performLogin failed".

Cause

The SSL certificate sent from the FTP server is not recognized.  The certificate needs to be added to the keystore.

Environment

Release : 11.x

Component : CA WORKLOAD AUTOMATION AGENT

Resolution

Add the certificate of the remote host (FTP server) to the agents keystore.  The default keystore of WA Agent is called cacerts. It is located in the install directory of the WA Agent.

The following parameter allows agent to automatically add any new certificates without the need to add the certificate manually.
Add this in the agentparm.txt and restart the agent.

ftp.client.ssl.accept_new_ca=true

If manually adding the certificate, then use the keytool utility to add the certificate.  

1. Open command prompt.
2. Navigate to agent directory (e.g. C:\CA\WA_Agent or /opt/CA/WA_Agent)
3. Execute this command:

keytool -import -file <cert_file> -alias ftpsjob certificate.pem -keystore cacerts -storepass "changeit"

4. The certificate.pem is the certificate that should already be downloaded from the remote host.  Copy it in the Agent install directory.  It can be removed once the import is done.  
5.  The -alias switch can anything, but it must be unique.  All certificates in keystore have a unique alias.