After updating java_jre package on the OC servers, we identified the policy_management queue was no longer processing alarm policies and was in a yellow state. 

Policy logs display the following errors:

2022-03-11 12:24:50,175 DEBUG com.ca.uim.policy.management.events.service.HeartBeatService:registerThisNode:282 [Catalina-utility-1] - Registering the policy node to master@https://<hubname>:8443/adminconsoleapp
2022-03-11 12:24:50,300 ERROR com.ca.uim.policy.management.events.service.HeartBeatService:registerThisNode:348 [Catalina-utility-1] - Registration of this policy node to master failed, javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2022-03-11 12:24:50,845 INFO com.ca.uim.policy.management.config.PolicyManagementConfig:readNimConfig:167 [Timer-0] - Config file successfully loaded.

• Release: 20.4
• Component: UIM - INSTALL

• If you do use certificates that come from an internal CA, you need to upload a root certificate to the cacerts keystore that is used by java, so it knows that the self-signed certificates are trusted. 

Import the root SSL certificate to "\Nimsoft\jre\<most_recent_java_jre_version>\lib\security\cacerts" file on all OC nodes and restart the robot (oc robot): 

1. Run cmd as administrator

2. Copy root-certificate to C:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\lib\security

3. change the directory to : 

    C:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\lib\security

4. CACERTS Import command:

    "c:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\bin\keytool.exe" -importcert -keystore cacerts -alias cacerts -storepass changeit -file <root_cert_path> -trustcacerts

5. Restart OC robot