search cancel

Symantec Identity Governance - Error Connecting IG to IM: IM Server is not available at caim-srv:80


Article ID: 253863


Updated On:


CA Identity Suite CA Identity Governance


We receive an error following the directions for connecting Identity Governance to Identity Manager.  We have tried both the names in /etc/hosts file (caim-srv and caim-srv-02) and by IP address.


IM Server is not available at caim-srv:80


Release : 14.4


The issue was caused by VAPP not inserting the IM cert into the IG keystore. Follow the below steps to import the cert:

1. Go to the IM node home directory, and run the following command to export the certificate. 
"$JAVA_HOME/bin/keytool" -export -alias caim-srv -keystore "$JAVA_HOME/jre/lib/security/cacerts" -rfc -file caim-srv.cer

2. Go to the IG node, and run the following command to import the certificate.
"$JAVA_HOME/bin/keytool" -import -file "caim-srv.cer" -keystore "$JAVA_HOME/jre/lib/security/cacerts" -alias "caim-srv"

3. Make sure that the alias "caim-srv" exists now in the IG node using the following command.
"$JAVA_HOME/bin/keytool" -list -v -keystore "$JAVA_HOME/jre/lib/security/cacerts" | grep Alias

4. If the certificate is imported successfully, do the test connection from IG using the node name "caim-srv" or "caim-srv-0X" and confirm the resolution.

Additionally, you can run the -list command from step 3 prior to performing the export/import to confirm if the certs do or do not exists.

Additional Information

If you are FIPS enabled, you must declare the FIPS key location.

For VAPP the default location for the FIPS key is here:




The below documentation covers enabling FIPS for IG.



If the problem still persists and we have the error below in the Identity Governance log, make sure to import the UserStore certificate from CentOS8 since 14.4.1 updated the OS from CentOS6 to CentOS8

That's the error when the IG cacerts do not have the UserStore certificate from CentOS8

ERROR [stderr] (default task-109) ERROR ConnectionObject IMConnectionObject.getLdapContext: Failed to get LDAP context
ERROR [stderr] (default task-109)  javax.naming.CommunicationException: simple bind failed: caim-srv:19289 [Root exception is PKIX path building failed: unable to find valid certification path to requested target]