search cancel

Changing the CAPKI certificate to self signed certificate causes Service Manager to use unsecure connection.

book

Article ID: 257993

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

In the Automation Engine, [CAPKI] section in ucsrv.ini and UCYBSMgr.ini of the Service Manager reference the self-signed certificate.

The [CAPKI] section ucsrv.ini of the Automation engine and UCYBSMgr.ini of the service manager have been modified but when the service has been restarted, it is throwing an error -allowing only unsecure connection. https://api-broadcom-ca-user.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=XaSqgB9fRfef8a2smgvIUA==

Environment

Release : 21.0

Resolution

The CAPKI section of the ini file goes like this ->

certificate=C:\Automic_v2104\ServiceManager\bin\<full certificate chain>.cer
key=C:\Automic_v2104\ServiceManager\bin\<private key>.pem

To create the <full certificate chain>.cer, we used the keystore explorer and export > export certificate chain.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=JijJw5aHtl68xLp5aFeJtg==

Then Under Export Length, we selected 'Entire Chain'.

To create the <private key>.pem file, we exported the keypair and then selected format PEM.

Be sure to update both the UCsrv.ini and the UCYBSMgr.ini for consistency.

Attachments