After applying patch, connection from catalog to ITPAM fails
search cancel

After applying patch, connection from catalog to ITPAM fails


Article ID: 271959


Updated On:


CA Service Catalog CA Process Automation Base


Client has applied RU19 after which Catalog is unable to connect to ITPAM and noted below error in view.log:

[ITPAMWebserviceManager] Catalog connection to ITPAM failed.
org.apache.axis.AxisFault: ; nested exception is: PKIX path building failed: unable to find valid certification path to requested target


Release : 17.3  RU19 or higher

CA Service Catalog


PAM certificate missing in Catalog trust store


As part of RU patches, OpenJDK will be upgraded to remediate the vulnerabilities.

Catalog application JDK is located at "USM_HOME/embedded/jdk", where USM_HOME indicates Catalog installation directory.

Once this folder is replaced with the latest content, all the certificates that are imported into the trust store are overridden by the new changes.

Need to import the certificate again.

1) Download the PAM certificate from the browser or fetch it from PAM Server.

2) Import the certificate into the truststore of CA Service Catalog using keytool .Open command prompt in 'USM_HOME\embedded\jdk\bin' and execute following command

keytool -import -alias ITPAM -file <PAM.cer> -keystore "C:\Program Files\CA\Service Catalog\embedded\jdk\lib\security\cacerts"

Note: Replace <PAM.cer> with PAM certificate location.