HTTP job results in HTTP transport error: javax.net.ssl.SSLHandshakeException

book

Article ID: 19745

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Workload Automation Agents DSERIES- SERVER CA Workload Automation DE - System Agent (dSeries)

Issue/Introduction

Description:

When running HTTP job, the job fails with "HTTP transport error: javax.net.ssl.SSLHandshakeException
: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target "
The error indicates that the agent is missing the proper SSL certificate in the keystore.

Solution:

Users can import their own SSL certificate to run HTTP jobs. To run the HTTP job using Application Services agent, the user must import the SSL certificate in the proper keystore. The default keystore for the agent is located in the <agent_install_directory>/jre/lib/security. The keystore file is called cacerts. The following commands will allow the user to import their own certificate.


 	cd <agent_install_directory>/jre/bin     
  	./keytool -import -file /tmp/customer.cer -keystore <agent_install_directory>/jre/lib/security/cacerts 
  	Enter keystore password: 
  	Re-enter new password:

The initial password for keystore is 'changeit'. Enter it twice as shown in the above example. The password can be changed using the following command:


 	keytool -storepasswd -keystore <agent_install_directory>/jre/lib/security/cacerts     
 	Enter keystore password: <enter old or current password> 
 	New keystore password: 
 	Re-enter new keystore password:

Environment

Release: WKLASE99000-11.3-Workload Automation-Agent SE
Component: