After applying 17.3.0.19 patch, connection from catalog to ITPAM fails

Article ID: 271959

Products

CA Service Catalog, CA Process Automation Base

Issue/Introduction

After the client applied RU19, Catalog was unable to connect to ITPAM, and the following error was logged in view.log:

[ITPAMWebserviceManager] Catalog connection to ITPAM failed.
org.apache.axis.AxisFault: ; nested exception is: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

Release: 17.3 RU19 or higher

CA Service Catalog

Cause

The PAM certificate is missing from the Catalog trust store.

Resolution

As part of RU patches, OpenJDK is upgraded to remediate vulnerabilities.

Catalog application JDK is located at "USM_HOME/embedded/jdk", where USM_HOME indicates Catalog installation directory.

When this folder is replaced with the latest content, the trust store it contains is replaced as well, so all certificates that were previously imported into the trust store are overwritten.

The PAM certificate must therefore be imported again.

1) Download the PAM certificate from the browser or fetch it from PAM Server.

2) Import the certificate into the truststore of CA Service Catalog using keytool. Open a command prompt in 'USM_HOME\embedded\jdk\bin' and execute the following command:

keytool -import -alias ITPAM -file <PAM.cer> -keystore "C:\Program Files\CA\Service Catalog\embedded\jdk\lib\security\cacerts"

Note: Replace <PAM.cer> with the location of the PAM certificate.
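
The check below is an added example, not part of the original article or vendor tooling. It can be run after each RU patch to see whether the ITPAM alias survived the JDK replacement, compare the stored certificate's SHA-256 fingerprint with the certificate file, and import only when the alias is missing. The certificate path C:\temp\PAM.cer is hypothetical, and the store password "changeit" is the JDK default and is assumed unchanged.

```powershell
# Added example, not vendor code. Defaults below are assumptions; adjust to the environment.
param(
    [string]$UsmHome   = 'C:\Program Files\CA\Service Catalog', # install path used in the article's command
    [string]$PamCert   = 'C:\temp\PAM.cer',                     # hypothetical location of the PAM certificate
    [string]$Alias     = 'ITPAM',
    [string]$StorePass = 'changeit'                             # JDK default cacerts password (assumption)
)
$keytool = Join-Path $UsmHome 'embedded\jdk\bin\keytool.exe'
$cacerts = Join-Path $UsmHome 'embedded\jdk\lib\security\cacerts'

# SHA-256 over the DER encoding, so PEM and DER copies of one certificate compare equal.
function Get-Sha256Fingerprint([string]$Path) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try     { [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ':' }
    finally { $sha.Dispose() }
}

$expected = Get-Sha256Fingerprint $PamCert
Write-Host "PAM certificate SHA-256: $expected"
Write-Host "Compare this value with the certificate presented by the PAM server before trusting it."

# keytool returns a non-zero exit code when the alias is not in the keystore.
& $keytool -list -alias $Alias -keystore $cacerts -storepass $StorePass *> $null
if ($LASTEXITCODE -eq 0) {
    # Alias exists: export it and confirm it is the same certificate, not a stale or different one.
    $tmp = Join-Path $env:TEMP "$Alias-export.cer"
    & $keytool -exportcert -alias $Alias -keystore $cacerts -storepass $StorePass -file $tmp *> $null
    $actual = Get-Sha256Fingerprint $tmp
    Remove-Item $tmp
    if ($actual -eq $expected) {
        Write-Host "OK: alias $Alias already holds this certificate."
        exit 0
    }
    Write-Warning "Alias $Alias holds a different certificate ($actual). Review before replacing it."
    exit 2
}

Write-Host "Alias $Alias not found in $cacerts (expected after the embedded JDK was replaced)."
# No -noprompt: keytool prints the certificate and asks for confirmation before trusting it.
& $keytool -importcert -alias $Alias -file $PamCert -keystore $cacerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# Show the stored entry so the fingerprint can be recorded with the change.
& $keytool -list -alias $Alias -keystore $cacerts -storepass $StorePass
```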