Jasper Jarvis connectivity failed

book

Article ID: 200945

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

In EventForwarder.log

2020-08-29 06:30:05.451 | ERROR | Listener-1 | com.ca.ppm.springAppCore.jms.MSGListener          :42    | I/O error on POST request for "https://<JARVISSERVER>:8443/ingestion":sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://<JARVISSERVER>:8443/ingestion":sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

Release : 14.0

Component : CA ControlMinder

Resolution

Need to make sure that the certificate has been imported with the alias jarvisserver for the keystore used by the instance of java, see:

https://knowledge.broadcom.com/external/article?articleId=194367

Also need to make sure that the correct java install is being used by EventForwarder. We can see which java version is being used by looking at java stack traces in EventForwarder.log, e.g.

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) ~[?:1.8.0_252]


The java version is 1.8.0_252. This is different to the version installed by the 3rd party installer 1.8.0_101, and as it turned out was openjdk installed by the redhat installer. This meant that a different keystore was being used. To solve this force the EventForwarder to use the jdk installed by the 3rd party installer.

To force the 3rd party java on linux:

export JAVA_HOME=/usr/java/jdk1.8.0_101
export PATH=
/usr/java/jdk1.8.0_101/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/CA/SharedComponents/bin:/opt/CA/SharedComponents/ccs/cam/bin
java -cp ../../lib/*:../lib/EventForwarder-0.1-SNAPSHOT.jar com.ca.ppm.eventForwarder.core.EventForwarder > /dev/null 2>&1

On Windows:

/Services/EventForwarder/bin/acsiemwrap.ini should contain a line like:

Command line = "/java" -cp ...

Make sure in the above is correct for the java install.

And then restart EventForwarder. The errors above should no longer be in EventForwarder.log and it should connect to jarvis.