cohesity_monitor certification path error and monitoring templates not being applied
search cancel

cohesity_monitor certification path error and monitoring templates not being applied

book

Article ID: 216055

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

When setting up a profile connection in the cohesity_monitor probe it results in this error when a self-signed cert is used:

[Data Collector - TEST Cohesity, cohesity_monitor] ========= Init config =========
[Data Collector - TEST Cohesity, cohesity_monitor] ========= Probe service starts alerts data provider =========
[Data Collector - TEST Cohesity, cohesity_monitor] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[Data Collector - TEST Cohesity, cohesity_monitor] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)    
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)    
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331)    
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)    

 

With a CA cert the failure is:

[Data Collector - TEST Cohesity, cohesity_monitor] ========= Init config =========
[Data Collector - TEST Cohesity, cohesity_monitor] ========= Probe service starts alerts data provider =========
[Data Collector - TEST Cohesity, cohesity_monitor] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[Data Collector - TEST Cohesity, cohesity_monitor] javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)

Environment

  • Release: DX UIM 20.3 or higher
  • Component: cohesity_monitor v1.03 (GA)

Resolution

An established CA cert can be used or the self-signed certificate can be imported.

Steps followed:

1. Use version 1.00hf1 or higher. Current version is 1.03.

2. Select 'Use SSL'  & 'Accept all certificates' in the profile. 

3. Selected "Include in Template" in the Template Editor for the given-desired metrics/alarms.

4. We also enabled SNMP which was not selected.

Additional Information

The reason for the first error shown above is that JDK is bundled with a lot of trusted Certificate Authority(CA) certificates into a file called ‘cacerts’ but this file has no clue of a self-signed certificate. 

certs file location

cohesity_monitor robot: 
$\Nimsoft\jre\jre8u282b08\lib\security\cacerts 

keytool 
$\Nimsoft\jre\jre8u282b08\bin
keytool -importcert -file selfsigned.crt -alias selfsigned -keystore {{cacerts path}}

cohesity monitor - AC Apply Monitoring with Templates

 

Attachments

cohesity_monitor_1625591399004.zip get_app
Powered by Wolken Software