search cancel

Service Catalog: Requests in queued status due to a problem connecting to ITPAM

book

Article ID: 254141

calendar_today

Updated On:

Products

CA Service Catalog

Issue/Introduction

Error when integrating Catalog with PAM. When reproducing the issue, the following error appears in view.log:

DEBUG [ActiveMQ Session Task-4] [enterprise] Mapping Exception to AxisFault
org.apache.axis.AxisFault: ; nested exception is: 
 javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) ~[axis.jar:?]
 at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154) ~[axis.jar:?]
 at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) ~[axis.jar:?]
 at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ~[axis.jar:?]
 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) ~[axis.jar:?]
 at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) ~[axis.jar:?]
 at org.apache.axis.client.Call.invokeEngine(Call.java:2765) ~[axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:2748) ~[axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:2424) [axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:2347) [axis.jar:?]
 at org.apache.axis.client.Call.invoke(Call.java:1804) [axis.jar:?]
 at com.ca.www.itpam.ItpamServiceBindingStub.checkServerStatus(ItpamServiceBindingStub.java:1874) [itpam-webservice.jar:?]
 at com.ca.usm.webservices.ITPAMWebserviceManager.testConnection(ITPAMWebserviceManager.java:573) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMCommandProcessorExceptionHandler.isRetryableException(ITPAMCommandProcessorExceptionHandler.java:63) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMCommandProcessorExceptionHandler.handleException(ITPAMCommandProcessorExceptionHandler.java:29) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMCreateCommandProcessor.processCommand(ITPAMCreateCommandProcessor.java:410) [common.core.jar:17.3.0.1.88]
 at com.ca.usm.integration.itpam.ITPAMMessageListener.onMessage(ITPAMMessageListener.java:46) [common.core.jar:17.3.0.1.88]
 at org.apache.activemq.ActiveMQMessageConsumer.dispatch(ActiveMQMessageConsumer.java:1404) [activemq-client.jar:5.15.15]
 at org.apache.activemq.ActiveMQSessionExecutor.dispatch(ActiveMQSessionExecutor.java:131) [activemq-client.jar:5.15.15]
 at org.apache.activemq.ActiveMQSessionExecutor.iterate(ActiveMQSessionExecutor.java:202) [activemq-client.jar:5.15.15]
 at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:133) [activemq-client.jar:5.15.15]
 at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:48) [activemq-client.jar:5.15.15]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
 at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]

Environment

Release : 17.3

Cause

ITPAM certificates have not been imported into catalog cacerts.

Resolution

1. Export the PAM certificates as .CER using DER enconded option
2. Import the PAM certificates into the Catalog cacerts.
Command:
keytool -importcert -file "<Path to .CER certificate>" -keystore "<path to Catalog cacerts" -alias <Alias for certificate>