Issue on LDAP via SSL: Getting "unable to find valid certification path to requested target" error.

book

Article ID: 39403

calendar_today

Updated On:

Products

APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE

Issue/Introduction

 Symptom:

 EM authentication is enabled and realms.xml file is setup as documented to use LDAP via SSL. However, when user tries to login to the Workstation, a dialog window titled  "Enterprise Manager Login Error" pops up showing "Error authenticating user <username>...[Root exception is javax.net.ssl.SSLHandshakeException:  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path  to requested target."

 

 Environment:

 CA APM 10.1: Fresh new install. No EEM.

 

 Cause:

 Cert has not been imported (registered) into the keystore in the Java directory.

 

 Resolution:

  for Linux/Unix: run "keytool -import -noprompt -trustcacerts -alias PHI-CA2 -file "/opt/wily/<filename>.cer" -keystore  "/opt/wily/test/EM/Introscope10.1.0.15/jre/lib/security/cacerts" -storepass changeit"

  or for Windows: go to Start > run > certmgr.msc > Trusted Root Certification Authorities > Certificates > <filename>.cer and register the certificate in keystore.

 

 Additional Information:

  https://docops.ca.com/ca-apm/10-1/en/administrating/apm-security/securing-introscope/securing-introscope-using-ldap

Environment

Release: CEMUGD00200-10.1-Introscope to CA Application-Performance Management-Upgrade Mai
Component: