WA Agent HTTP job add certificate to keystore
search cancel

WA Agent HTTP job add certificate to keystore


Article ID: 208993


Updated On:


CA Workload Automation AE - System Agent (AutoSys) Workload Automation Agent CA Workload Automation DE - System Agent (dSeries) CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation DE - Business Agents (dSeries)


The HTTP job may fail if the remote (server) SSL certificate is not added to agent's keystore.  

java.security.cert.CertificateException: signature verification failed - Certificate issuer: CN=Some Root CA s not in the client keystore.

Users may see this error as well:

11/01/20XX 00:00:12.345-0100 1 AppServicesPlugin.HTTP-V2_JOB/MYTEST.8/MAIN[HTTP(S)].CybHTTPAbstractProcessor.a[:926] - java.net.SocketException: Socket is closed
at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:1123)
at org.apache.hc.core5.http.impl.io.SocketHolder.getOutputStream(SocketHolder.java:77)
at org.apache.hc.client5.http.impl.io.LoggingSocketHolder.getOutputStream(LoggingSocketHolder.java:55)
at org.apache.hc.core5.http.impl.io.SocketHolder.getOutputStream(SocketHolder.java:85)
at org.apache.hc.core5.http.impl.io.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:184)
at org.apache.hc.core5.http.impl.io.HttpRequestExecutor.execute(HttpRequestExecutor.java:131)





Release : 11.5, 11.5, R12

Component : CA Workload Automation System Agent


The certificate has to be added to the keystore.


The WA Agent can automatically add any new certificate to the default keystore cacerts in the agent install directory.  Add the following parameter to the agentparm.txt and restart the agent. 


Agent by default uses cacerts as client keystore, located inside agent install directory.  Users may use their own keystore, but will have to define path and password for it in the agentparm.txt.

Additional Information

For more information on parameter and to add the certificate manually, refer to this link.