Requests in queued status due to a problem connecting to ITPAM
search cancel

Requests in queued status due to a problem connecting to ITPAM

book

Article ID: 254141

calendar_today

Updated On:

Products

CA Service Catalog CA Process Automation Base

Issue/Introduction

Error when integrating Service Catalog with PAM.

When reproducing the issue, the following error appears in view.log:

DEBUG [ActiveMQ Session Task-4] [enterprise] Mapping Exception to AxisFault
org.apache.axis.AxisFault: ; nested exception is: 
 javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) ~[axis.jar:?]
 at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) ~[axis.jar:?]
 at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ~[axis.jar:?]
 at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ~[axis.jar:?]
 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ~[axis.jar:?]
 at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ~[axis.jar:?]
 at org.apache.axis.client.Call.invokeEngine(Call.java:2765) ~[axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:2748) ~[axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:2424) [axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:2347) [axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:1804) [axis.jar:?]
 at com.ca.www.itpam.ItpamServiceBindingStub.checkServerStatus(ItpamServiceBindingStub.java:1874) [itpam-webservice.jar:?]
 at com.ca.usm.webservices.ITPAMWebserviceManager.testConnection(ITPAMWebserviceManager.java:573) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMCommandProcessorExceptionHandler.isRetryableException(ITPAMCommandProcessorExceptionHandler.java:63) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMCommandProcessorExceptionHandler.handleException(ITPAMCommandProcessorExceptionHandler.java:29) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMCreateCommandProcessor.processCommand(ITPAMCreateCommandProcessor.java:410) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMMessageListener.onMessage(ITPAMMessageListener.java:46) [common.core.jar:17.3.0.1.88]
 at org.apache.activemq.ActiveMQMessageConsumer.dispatch(ActiveMQMessageConsumer.java:1404) [activemq-client.jar:5.15.15]
 at org.apache.activemq.ActiveMQSessionExecutor.dispatch(ActiveMQSessionExecutor.java:131) [activemq-client.jar:5.15.15]
 at org.apache.activemq.ActiveMQSessionExecutor.iterate(ActiveMQSessionExecutor.java:202) [activemq-client.jar:5.15.15]
 at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:133) [activemq-client.jar:5.15.15]
 at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:48) [activemq-client.jar:5.15.15]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
 at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]

Environment

Service Catalog: 17.3

Cause

ITPAM certificates have not been imported into catalog cacerts.

Resolution

1. Export the PAM certificates as .CER using DER encoded option.

2. Import the PAM certificates into the Catalog cacerts using the command: 


 keytool -importcert -file "<Path to .CER certificate>" -keystore "<path to Catalog cacerts" -alias <Alias for certificate>

Powered by Wolken Software