FlexResponse Rule to allow emails was failing. Localhost logs show the following error...
15 jun 2020 09:27:55,460- Thread: 197 SEVERE [com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectPlugin] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Cause:
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.wsConnect(EmailWsRemediationSession.java:267)
at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.createConnection(EmailWsRemediationSession.java:196)
at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.submit(EmailWsRemediationSession.java:142)
at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectRemediator.invokeWebService(EmailQuarantineConnectRemediator.java:39)
at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectAction.execute(EmailQuarantineConnectAction.java:49)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:313)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:297)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:171)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
All
The error message "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed" indicates that the Certificate Signatures between the two servers do not match.
In this case the customers Certificates had expired, and they had created a new set of Certificates, but were running into this error. It turns out the customer environment was an upgraded environment. They were updating the Certificates in the Old installation of DLP instead of the Current installation of DLP. So the current version of DLP was not getting the Certificate updates as expected.
Customer needed to import the SMG Certificate into the keystore in the correct path for the version of DLP that they were currently using instead of the older version of DLP which was no longer in use.