search cancel

SOI CU4 SSL Integration between SOI and SDM issue.

book

Article ID: 252650

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

The SSL Integration between SOI and SDM is not working after SOI 4.2 CU4 upgrade. The Service Desk is running with version 17.3.

In the following screenshots the occurring error messages can be seen:

Error in log: unable to find valid certification path to requested target

The service desk is running.

 

Is this a known problem?

Environment

Release : SOI 4.2 CU4

Service Desk: 17.3

Cause

Earlier both keystore and truststore used to be the same. After fixing some security-related issues.
We are seeing some issues like the SSL integration issue as described in this case.
As part of the next (CU5) release, the engineering is working on separating the truststore and keystore which will further enhance the security.

Resolution

Import SDM certificate on the SOI side.
 
1.\CA\SOI\jre-64\lib\security\cacerts"
2.Restart the SOI Manager.

Additional Information

Example: 

Import the certs to \CA\SOI\jre-64\lib\security\cacerts
 
C:\Program Files (x86)\CA\SOI\jre-64\lib\security>"C:\Program Files (x86)\CA\SOI\jre-64\bin\keytool.exe" -import -alias SDM -file hostname.domain.com crt -keystore cacerts
Enter Keystore password:
Owner: CN=XXXXXXXXX.bxx.xxxxxm.net
Issuer: CN=XXXXXXXXX.bxx.bxxxxxxm.net
 
Serial number: 7xxxxbe
Valid from: Tue Sep 13 19:17:58 EDT 2022 until: Wed Sep 13 19:17:58 EDT 2023
Certificate fingerprints:
         SHA1: DB:C2:37:0E:8D:93:AF:50:05:C0:13:76:CB:2E:B0:67:1B:6D:9F:97
         SHA256: 36:2A:56:4A:64:96:6C:C4:C0:3B:06:F4:AF:1F:1A:D0:AA:A5:B9:6D:F3:23:CD:C3:53:06:43:7D:1C:CC:7E:70
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: lNNNNNN.bpc.broadcom.net
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5E E4 B8 06 40 74 1A 54   C1 A8 F7 1C 6D 8A 0A C8  ^[email protected]
0010: F8 85 12 C1                                        ....
]
]

Trust this certificate? [no]:  yes
The certificate was added to Keystore

Attachments