search cancel

cohesity_monitor Probe Error when testing connection.

book

Article ID: 216055

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

When setting up a profile connection in the cohesity_monitor probe it results in this error when a self signed cert is used:

May 27 08:46:08:539 [Data Collector - TEST Cohesity, cohesity_monitor] ========= Init config =========
May 27 08:46:08:539 [Data Collector - TEST Cohesity, cohesity_monitor] ========= Probe service starts alerts data provider =========
May 27 08:46:08:555 [Data Collector - TEST Cohesity, cohesity_monitor] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
May 27 08:46:08:555 [Data Collector - TEST Cohesity, cohesity_monitor] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)    
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)    
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331)    
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)    

 

With a CA cert the failure is: 
un 07 07:10:34:353 [Data Collector - TEST Cohesity, cohesity_monitor] ========= Init config =========
Jun 07 07:10:34:353 [Data Collector - TEST Cohesity, cohesity_monitor] ========= Probe service starts alerts data provider =========
Jun 07 07:10:34:386 [Data Collector - TEST Cohesity, cohesity_monitor] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Jun 07 07:10:34:387 [Data Collector - TEST Cohesity, cohesity_monitor] javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)

Environment

Release : 20.3

Component : cohesity_monitor

Resolution

An established CA cert can be used or the self cert imported and version 1.00hf1 or later used and select 'Use SSL'  & 'Accept all certificates' in the profile. 

Additional Information

The reason, for the first above error is that JDK is bundled with a lot of trusted Certificate Authority(CA) certificates into a file called ‘cacerts’ but this file has no clue of a self-signed certificate. 

The certs file location: 
cohesity_monitor robot 
$\Nimsoft\jre\jre8u282b08\lib\security\cacerts 

keytool 
$\Nimsoft\jre\jre8u282b08\bin
keytool -importcert -file selfsigned.crt -alias selfsigned -keystore {{cacerts path}}

Attachments

cohesity_monitor_1625591399004.zip get_app