CA Asset Protfolio Management services may fail to start up due to SSL certificate issues:
Data Importer Engine
HW Reconciliation Engine
LDAP Import Service
The below error will appear in the service log file:
INFO CA.Applications.DataImporterEngine.ImportServiceManager - ..Initializing Web Server [https://<APP-SERVER-NAME>:443/ITAMService/Service.asmx] access for Import Service
ERROR CA.Applications.DataImporterEngine.ImportServiceManager - An error occurred while accessing the Web Server:System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
This error can be cause for the following reasons:
1- the certificate was not issued by a trusted Certification Authority;
2- the certificate was issued to a name other than the Application Server hostname.
First make sure the certificate is not expired or revoked.
Open the certificate assigned to the ITAMService site (.cer file) and click Install Certificate. Follow the wizard and select 'Place all certificates in the following store', click Browse and select 'Trusted Root Certification Authority'. Restart the affected service and make sure that the SSL error is notlogged.
If the certificate was generated to an address other than the Application Service configured address in APM, you will need to manually update SQL entries to reflect this scenario. First make sure you can access the Web Service address using the following URL and that no SSL warning is displayed:
Once this has been verified and a full valid MDB backup has been taken you can proceed with the following update on the MDB:
UPDATE al_cdb_configurationparameters SET configvalue = '<issued-cert-name>'
WHERE configkey = 'ComponentServerName' AND componentkey = 'Application_Server'
Issue the command 'iisreset' on the Web and Application Servers and attempt to start the affected services.
If the above does not solve the problem please raise a ticket with CA Support.