How do I configure the AAI Automic Connector to communicate with the Automic REST API via HTTPS?

Products

Automic Automation Intelligence

Issue/Introduction

If adding an Automic Scheduler to AAI that runs HTTPS, you may see the error below when starting the automic-connector service.

ERROR [AutomicProcessingTrigger] (AXk9Ivu3J4M=) - Error occurs during emitting events
javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.invoke(ManualClosingApacheHttpClient43Engine.java:287) ~[resteasy-client-4.5.6.Final.jar!/:4.5.6.Final]

Environment

Release : 6.3.1

Component : AUTOMIC AUTOMATION INTELLIGENCE INTEGRATION FOR AWA

Resolution

1. Obtain the certificates for the Automic Rest API and AWI(if different servers).

To obtain the Automic Rest API Certificate, you can load the Automic REST API URL in a browser, and click on the Lock Icon to the left of the URL to view the certificate, then copy to file and save as a .cer file.

2. If the certificate is a signed trusted certificate, and has a root and intermediate certificate in the Certificate Path tab, select each certificate, and select "View Certificate" and the copy each certificate to a .cer file.

3. Verify the version of Java that the Automic Connector is using is set in the %JAVA_HOME% or $JAVA_HOME

On Windows run:

echo %JAVA_HOME%

On Linux run:

echo $JAVA_HOME

If it is not set, please set the JAVA_HOME variable to point to the java version that will run the connector.

Windows:

Got to Start->Settings->Search for "Edit Environment Variables for your account" in the search bar.

Under "System Variables" select "New" and add JAVA_HOME like below:

On Linux run:

export JAVA_HOME=/usr/java/jdk1.8.*

4. Verify that the Java version that will be running the connector, and that is in the JAVA_HOME variable, is the only JAVA in the system path in the Edit Environment Variables window from step 3.

If there are other versions of java in the System PATH environment variable, remove them or move the correct path to the Java*\jre\bin directory to the front of the PATH variable.

5. Import each the Automic REST API certificate using keytool into:

Windows:

%JAVA_HOME%\jre\lib\security\cacerts keystore

Linux:

. ($JAVA_HOME/jre/lib/security/cacerts on Linux

For example:

Import the Automic API server certificate like below using the certificate name and a distinct alias for each certificate:

keytool -import -alias automic_api -trustcacerts -file automic_api.cer -keystore "%java_home%\jre\lib\security\cacerts"

If there are root and intermediate certificates

keytool -import -alias automic_root -trustcacerts -file automic_root.cer -keystore "%java_home%\jre\lib\security\cacerts"

keytool -import -alias intermediate_automic -trustcacerts -file intermediate_automic.cer -keystore "%java_home%\jre\lib\security\cacerts"

6. Add the Automic scheduler through the AAI v2 website.

http://<ServerName>:8080/aai/web/v2

The hostname in the REST API URL, should be a fully qualified domain name, and should match the FQDN either in the "Subject" or "Subject Alternative Name" fields within the certificate.

7. Start the automic-connector service.

If on windows you may need to stop the Windows automic-connector service, and start the process by running "java -jar automic-connector*.jar"

Additional Information

To configure the Automic Connector to communicate with AAI via HTTPS follow the steps in the links below:

https://docs.automic.com/documentation/webhelp/english/ALL/components/TERMA/latest/AAI%20Guides/Content/SecuringConnectors/Overview_ClientCert_Authentication.htm

https://docs.automic.com/documentation/webhelp/english/ALL/components/TERMA/latest/AAI%20Guides/Content/SecuringConnectors/ConfigureConnector_Authentication.htm