Changing Global User password on Provisioning Manager end up with Error - [rc=60] error setting certificate verify locations
search cancel

Changing Global User password on Provisioning Manager end up with Error - [rc=60] error setting certificate verify locations

book

Article ID: 4028

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

We enabled the setting "Use External Password Policies" on Provisioning Server, and recently we changed the inbound notification URL to a https url.

Then when we modify a Global User through the Provisioning Manager, the following error is encountered: 

--------------------------- 
IM Provisioning Manager 
--------------------------- 
:ETA_E_0007<MGU>, Global User 'TestUser' modification failed: PMC_VALIDATE_PASSWORD: Rc: 3. FAILED( https://server.domain.com:port/idm/ETACALLBACK/?env 
[rc=60] error setting certificate verify locations: 
CAfile: Not assigned 
CApath: none

 

Environment

Windows/Linux

Cause

The issue is due to the Trusted CA Certificate is not configured on Provisioning Server, and therefore the Provisioning Server is unable to establish the https connection to IM server for checking password quality.

Resolution

This issue is resolved by pointing to the Trusted Certificate Authority through the Provisioning Manager.

This is configured from the Provisioning Manager under:
SYSTEM > Domain Configuration > Identity Manager Server > Trusted CA Bundle parameter.

Edit this Parameter Value with the path to the Trusted Certificate Authority.

Note: Changing this parameter will require restarting ALL affected servers.

Additional Information

N/A