CABI installation fails - no-restart code (42) due to SSL handshake failed: PKIX path building failed : unable to find valid certification path to requested target

Article ID: 375945

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

I am trying to install CABI (either on a fresh deployment or having run the CABI cleanup script to clean up a previously unsuccessful installation).

CABI installation fails with the following error:

Controller: Probe 'cabi' (command = <startup java>) returns no-restart code (42)

Above that in the log I see the following error:

SSL handshake failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

TLS is not enabled for the DX UIM database connection in data_engine, and this is working fine, so why are we getting an SSL failure?

Environment

CABI 7.50, 8.00, 8.20, 23.4.0

Microsoft SQL Database

TLS not enabled in data_engine

Cause

This could be caused by a misconfiguration on the MSSQL Server, specifically the following combination of settings:

1. "Force Encryption" on the instance is enabled
2. No Certificate is selected for the instance

This can be verified in SQL Configuration Manager.

  • Open SQL Configuration Manager
  • Locate and expand 'SQL Server Network Configuration'
  • Right-click "Protocols for (INSTANCENAME)" and select Properties
  • Check the value of "Force Encryption"
  • If this is set to 'Yes', check whether a certificate is enabled in the 'Certificate' tab. The following screenshot shows no certificate enabled:



With this combination of settings, data_engine will still connect to the database without using TLS, but CABI will fail.

Resolution

There are two options:

  1. Set "Force Encryption" to "No" so that CABI will not try to look for a certificate when establishing the connection.
  2. Leave it set to "Yes" but enable a certificate so that CABI can validate the certificate.

Note that it may be necessary to enable TLS on data_engine if you choose the second option.

Additionally, if the certificate used for SQL is a self-signed certificate, you will likely need to import that certificate to the Trusted Store in Java on the CABI server.

To do so:

  1. Export the certificate in Windows into .CER format.  You do not need to export the private key.
  2. Copy the .CER file to the CABI server
  3. Navigate to the lib/security folder which is underneath the UIM JRE folder, e.g.:  C:\Program Files (x86)\Nimsoft\jre\(version)\lib\security\
  4. Open a command prompt in this location
  5. Run the following command (substituting the appropriate values) to use keytool to import the .CER file to the Trusted Cert store:
    ..\..\bin\keytool -importcert -alias <servername of SQL Server> -file <X:\Path\to\certificate.cer> -keystore .\cacerts
  6. You will be prompted for a password; use the password "changeit".
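
To confirm that the entry stored under the alias really is the certificate exported from the SQL Server, compare SHA-256 fingerprints after the import. This PowerShell script is an added example, not part of the original article; its parameter names and the sample alias are assumptions, and it expects to be run from the same lib\security folder used in step 3.

```powershell
# Added example, not from the article. Run from the JRE's lib\security folder after the import.
# $CerPath and $Alias are placeholders: use the values you passed to keytool -importcert.
param(
    [string]$CerPath   = 'X:\Path\to\certificate.cer',
    [string]$Alias     = 'sqlserver.example.local',
    [string]$Keytool   = '..\..\bin\keytool.exe',
    [string]$Keystore  = '.\cacerts',
    [string]$StorePass = 'changeit'   # password given in step 6
)
$ErrorActionPreference = 'Stop'

# Normalise a fingerprint to upper-case hex without separators.
function Format-Fingerprint([string]$Value) { ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant() }

# SHA-256 fingerprint of the exported .CER file (DER and Base64 encodings both load).
$cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path $CerPath).Path)
$sha    = [System.Security.Cryptography.SHA256]::Create()
$fileFp = Format-Fingerprint ([System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)))

# Ask keytool for the entry stored under the alias; -v output includes a SHA256 fingerprint line.
$listing = & $Keytool -list -v -alias $Alias -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool could not read alias '$Alias' from $Keystore`n$($listing -join "`n")" }

# Matches both 'SHA256: AA:BB:..' and '(SHA-256): AA:BB:..', but not 'SHA256withRSA'.
$match = $listing | Select-String -Pattern 'SHA-?256\)?:\s*([0-9A-Fa-f:]+)' | Select-Object -First 1
if (-not $match) { throw 'No SHA-256 fingerprint found in keytool output.' }
$storeFp = Format-Fingerprint $match.Matches[0].Groups[1].Value

"Subject    : $($cert.Subject)"
"Valid until: $($cert.NotAfter)"
"File       : $fileFp"
"Truststore : $storeFp"

if ($storeFp -ne $fileFp) { throw 'Fingerprint mismatch: the truststore entry is not the exported certificate.' }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'The exported certificate is past its NotAfter date.' }
'OK: truststore entry matches the exported certificate.'
```

The "File" fingerprint should also match the thumbprint shown for the certificate on the SQL Server itself, since anything placed in cacerts is trusted by every TLS connection this JRE makes.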

 

After doing these steps, restart the cabi probe, which will re-run the installer, and the installation should now succeed.