Updates Made in Service Desk Manager do not show in Service Catalog

Article ID: 265395

Products

CA Service Desk Manager, CA Service Management - Service Desk Manager, CA Service Catalog

Issue/Introduction

Changes made to tickets in Service Desk Manager are not seen in Service Catalog.

The environment has SSL configured for both Service Desk Manager and Service Catalog.

NX_ROOT\log\catalogsync.log shows the following error:

03/30 04:32:12.157 [Thread-4] ERROR CatalogSoapInvoker 242 Exception:  
org.apache.axis.AxisFault: ; nested exception is: 
    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

SSL configured for both Service Desk Manager AND Service Catalog 

Service Desk Manager 17.3 and higher

Service Catalog 17.3 and higher

Cause

The ENTIRE certificate chain for Service Catalog SSL communication does not exist in Service Desk Manager's Java keystore.

Default location:

C:\Program Files\CA\SC\JRE\11.0.12\lib\security\cacerts

As the above location may vary, check the location of the JRE associated with SDM by reviewing the following entry in nx.env:

@NX_JRE_INSTALL_DIR

Then check lib\security under that directory for the cacerts keystore.

Resolution

  1. In the NX.env, locate the variable NX_CATALOG_SERVER to verify the specific Catalog server in question.  This value should read https://[CATALOG-SERVER]

  2. Navigate to the Service Catalog login page and view the certificate chain configured. 

  3. Proper SSL environments have root, intermediate, and child/server certificates configured.

  4. Export all certificates in Base 64 encoded x.509 (.CER) format.  If this option does not exist in your browser, export as "All Files" and save with a "cer" extension.

  5. Next, in an Admin Command Prompt, navigate to the location of your keystore, based on the NX.env definition for NX_JRE_INSTALL_DIR, e.g.:  C:\Program Files\CA\SC\JRE\11.0.12\lib\security\

  6. Back up the existing cacerts file into a separate folder (do not copy/paste the file into the same location).

  7. Then execute the following commands, one for each certificate in the certificate chain (adjust the keytool.exe path to match your NX_JRE_INSTALL_DIR):
    "C:\Program Files (x86)\CA\SC\JRE\11.0.12\bin\keytool.exe" -importcert -alias root -file root.cer -cacerts
    "C:\Program Files (x86)\CA\SC\JRE\11.0.12\bin\keytool.exe" -importcert -alias intermediate -file intermediate.cer -cacerts
    "C:\Program Files (x86)\CA\SC\JRE\11.0.12\bin\keytool.exe" -importcert -alias child -file server.cer -cacerts
    Of the above, only the first command, for the root certificate, will prompt about trusting the certificate.  Choose "Y" to trust the certificate.
    If you are prompted for a keystore password, use "changeit".

  8. Each time one of the above keytool commands is executed, check the cacerts file to ensure that its size and its date stamp have both changed.

  9. A restart of SDM services should not be needed, but if the above change does not take effect, restart the Service Desk Manager service.

Confirm that the error is gone from catalogsync.log and that changes made in Service Desk Manager are showing in Service Catalog.
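
The backup, import and verification in steps 5 through 8 can be scripted. The following PowerShell is an added example, not part of the original article or of the product's own tooling; the folders C:\Temp\catalog-certs and C:\Temp\cacerts-backup are assumptions, and the JRE path must match NX_JRE_INSTALL_DIR. It prints each certificate's details before the import so the fingerprints can be compared with the chain viewed in the browser in step 2.

```powershell
# Added example. Run from an elevated PowerShell session.
# Assumptions: $JreDir matches NX_JRE_INSTALL_DIR in NX.env; the .cer files exported
# in step 4 are in $CertDir; $BackupDir is a separate folder (both paths hypothetical).
param(
    [string]$JreDir    = 'C:\Program Files (x86)\CA\SC\JRE\11.0.12',
    [string]$CertDir   = 'C:\Temp\catalog-certs',
    [string]$BackupDir = 'C:\Temp\cacerts-backup',
    [string]$StorePass = 'changeit'
)
$ErrorActionPreference = 'Stop'
$keytool = Join-Path $JreDir 'bin\keytool.exe'
$cacerts = Join-Path $JreDir 'lib\security\cacerts'

# Size and write time of the keystore, used for the step 8 check.
function Get-StoreStamp {
    $item = Get-Item -LiteralPath $cacerts
    return "$($item.Length)|$($item.LastWriteTimeUtc.Ticks)"
}

# Step 6: copy the keystore to a separate folder before changing it.
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
$backup = Join-Path $BackupDir ("cacerts." + (Get-Date -Format 'yyyyMMdd-HHmmss'))
Copy-Item -LiteralPath $cacerts -Destination $backup
Write-Host "Backup written to $backup"

# Alias to file, in the same order as step 7 (root first).
$chain = [ordered]@{ root = 'root.cer'; intermediate = 'intermediate.cer'; child = 'server.cer' }

foreach ($alias in $chain.Keys) {
    $file = Join-Path $CertDir $chain[$alias]
    if (-not (Test-Path -LiteralPath $file)) { throw "Missing certificate file: $file" }

    # Print owner, issuer, validity and fingerprints for comparison with the browser.
    & $keytool -printcert -file $file
    if ($LASTEXITCODE -ne 0) { throw "Cannot read '$file' as an X.509 certificate" }

    $before = Get-StoreStamp
    # Step 7: the root import asks whether to trust the certificate; answer interactively.
    & $keytool -importcert -alias $alias -file $file -cacerts -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "Import failed for alias '$alias'; restore from $backup if needed" }

    # Step 8: the keystore must have changed, and the alias must now be listed.
    if ((Get-StoreStamp) -eq $before) { throw "cacerts did not change after importing '$alias'" }
    & $keytool -list -alias $alias -cacerts -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "Alias '$alias' not found in cacerts after import" }
}
Write-Host 'All certificates imported. Check catalogsync.log for the PKIX error.'
```

If an alias already exists in the keystore, keytool exits with an error and the script stops at that certificate, leaving the backup copy untouched.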

Additional Information

Changes that are affected include activity log updates as well as status changes that are being made in SDM, which need to transfer to Catalog

The above issue is specific to an SDM to Catalog installation where Catalog is configured for SSL, but the Catalog SSL certificate authority needs to be included in SDM's designated cacerts file.