NX_CMDB_VISUALIZER environment variable on secondary servers is overwritten on services startup

book

Article ID: 17730

calendar_today

Updated On:

Products

APPLICATION DELIVERY ANALYSIS SUPERAGENT CA Infrastructure Performance CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Description:

Binding to the LDAP fails when attempting to test the LDAPS connection with the SSO utility with the following error message:

Could not obtain a DirectoryContext.
javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find validcertification path to requested target]

Bind to the directory failed.

Solution:

  1. Make sure the certificate is imported into the correct java keystore:

    1. Import the certificate into the Java Trusted Certificates keystore using the following command:

      keytool -importcert -keystore installDirectory/jre/ lib/security/cacerts -storepass cacertspasswd -alias alias -file filename.cer
      keystore : he location of the keystore file (.ks).
      cacertspasswd : Specifies the password for the cacerts keystore. Default: changeit
      filename.cer : The filename of the certificate.

    2. Create a backup of the cacerts file.

    3. (Optional) For more security, change the password of the java trusted

      certificates keystore using the following command:
      keytool -storepasswd -keystore installDirectory/ jre/lib/security/cacerts
      You are prompted to provide the existing password and the new password.

    4. Verify that your imported certificate is available. Use the following

      command:
      keytool -list -keystore

  2. Other JRE's not installed by the product may cause conflicts with the keystore. If that is the case uninstall JRE's that are not part of the product's installation.

Environment

Release: SAMCNH99000-9.2-NetQoS-SuperAgent-Management Console-Hardware
Component: