APM - "SSLHandshakeException: unable to find valid certification path to requested target" on every ETC Provider log

book

Article ID: 210423

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope) DX Application Performance Management DX NetOps

Issue/Introduction

After installing SP3 or latest hotfixes I can see the below SSLHandshakeExceptions on every ETC Provider (MOM and Standalone) every few seconds:

2/15/21 03:57:07.528 PM CET [INFO] [Thread-ClusterTopologyPoller] [Manager.AppMap] Cannot send EM topology due: 'SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target' Will retry.

How can I fix the issue?

Environment

APM 10.7 SP3 and latest HOTFIXES

 

Resolution

If em-jetty-config.xml is configured to use <PROVIDER-HOME>/config/internal/server/keystore as TrustStore (and KeyStore) as below:

.....

<Set name="KeyStorePath">

                      <SystemProperty name="introscope.config" default="./config"/>/internal/server/keystore

                    </Set>

                    <Set name="KeyStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>

                    <Set name="TrustStorePath">

                      <SystemProperty name="introscope.config" default="./config"/>/internal/server/keystore

                    </Set>

                    <Set name="TrustStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>

.....

you must to import the ETC master certificate to <PROVIDER-HOME>/config/internal/server/keystore and not into <PROVIDER-HOME>/jre/lib/security/cacerts!!!

"<PROVIDER-HOME>/jre/bin/keytool" -importcert -keystore "<PROVIDER-HOME>/config/internal/server/keystore" -alias <your-cert-alias> -file "<PROVIDER-HOME>/config/internal/server/<your-cert>.crt" -storepass password

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/administrating/configure-enterprise-team-center/enterprise-team-center.html

Team Center - Blank Page after Login, Status code 503, SSLHandshakeException
https://knowledge.broadcom.com/external/article/125671/team-center-blank-page-after-login-stat.html