After Configuring Spectrum for SSL it now shows "Unable to Contact" in the NetOps Portal data source list
search cancel

After Configuring Spectrum for SSL it now shows "Unable to Contact" in the NetOps Portal data source list

book

Article ID: 32485

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps CA Spectrum

Issue/Introduction

After configuring Spectrum to use SSL, while NetOps Portal is not configured to use SSL, the Spectrum data source shows as "Unable to Contact" in the NetOps Portal data source list

In the PCService.log you will see an error that looks like this:

ERROR | qtp559824849-30  | 2015-01-09 12:04:09,957 | com.ca.im.portal.api.services.datasource.DataSourcePoll  

    | Received WebServiceException from version check for data source Spectrum Infrastructure [email protected].  CAUSE=javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://xxx.xxx.xx.xx:8443/axis2/services/DataSourceWS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result.

 

Environment

Dx NetOps Performance Management any version

Dx NetOps Spectrum any version running SSL

Cause

The Spectrum SSL cert has not been imported into the NetOps Portal keystore

Resolution

To resolve this issue you must import the Spectrum SSL cert into the NetOps Portal keystore:

After configuring Spectrum to use SSL take the Spectrum  certificate from within $SPECROOT/custom/keystore/cacerts file and move it over to the NetOps Portal server. You can put it in the /opt/CA/jre/lib/security/ directory on the NetOps Portal server 

For Spectrum OneClick:

  1. You should be able to run the following to export the cert: keytool -exportcert -keystore <path to keystore> -storepass <password> -alias <alias_name> -file <filename>.cer 
  2. Now take the filename.cer file and move it over to NetOps Portal

 

For NetOps Portal:

  1. Log on to the NetOps Portal shell
  2. cd /opt/CA/jre/lib/security/
  3. cp cacerts cacerts.orig
  4. cd /opt/CA/jre/bin/
  5. Run the following command to import the Spectrum .cer file from the above section:  
./keytool -keystore /opt/CA/jre/lib/security/cacerts -storepass <password> -alias <alias> -importcert -file <cert name>.cer​

    6. Kick off a full synch of the Spectrum data source

The Spectrum data source should now successfully sync in NetOps Portal

Powered by Wolken Software