search cancel

After Configuring Spectrum for SSL it now shows "Unable to Contact" in the CAPC data source list

book

Article ID: 32485

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps CA Spectrum

Issue/Introduction

After configuring Spectrum to use SSL, while CAPC is not configured to use SSL, the Spectrum data source shows as "Unable to Contact" in the CAPC data source list

In the PCService.log you will see an error that looks like this:

ERROR | qtp559824849-30  | 2015-01-09 12:04:09,957 | com.ca.im.portal.api.services.datasource.DataSourcePoll  

    | Received WebServiceException from version check for data source Spectrum Infrastructure [email protected].  CAUSE=javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://xxx.xxx.xx.xx:8443/axis2/services/DataSourceWS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result.

 

Environment

Dx NetOps Performance Management any version

Dx NetOps Spectrum any version running SSL

Cause

The Spectrum SSL cert has not been imported into the CAPC keystore

Resolution

To resolve this issue you must import the Spectrum SSL cert into the CAPC keystore:

After configuring Spectrum to use SSL take the Spectrum  certificate from within $SPECROOT/custom/keystore/cacerts file and move it over to the CAPC server. You can put it in the /opt/CA/jre/lib/security/ directory on the CAPC server 

For Spectrum OneClick:

  1. You should be able to run the following to export the cert: keytool -exportcert -keystore <path to keystore> -storepass <password> -alias <alias_name> -file <filename>.cer 
  2. Now take the filename.cer file and move it over to CAPC

 

For CAPC:

  1. Log on to the CAPC shell
  2. cd /opt/CA/jre/lib/security/
  3. cp cacerts cacerts.orig
  4. cd /opt/CA/jre/bin/
  5. Run the following command to import the Spectrum .cer file from the above section:  
./keytool -keystore /opt/CA/jre/lib/security/cacerts -storepass <password> -alias <alias> -importcert -file <cert name>.cer​

    6. Kick off a full synch of the Spectrum data source

The Spectrum data source should now successfully synch in CAPC