Changing Global User password on Provisioning Manager end up with Error - [rc=60] error setting certificate verify locations

book

Article ID: 4028

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

We enabled the setting "Use External Password Policies" on Provisioning Server, and recently we changed the inbound notification URL to a https url.

Then when we modify a Global User through the Provisioning Manager, the following error is encountered: 

--------------------------- 
IM Provisioning Manager 
--------------------------- 
:ETA_E_0007<MGU>, Global User 'TestUser' modification failed: PMC_VALIDATE_PASSWORD: Rc: 3. FAILED( https://specific environment URL:port/idm/ETACALLBACK/?env 
[rc=60] error setting certificate verify locations: 
CAfile: Not assigned 
CApath: none

 

Cause

The issue is due to the Trusted CA Certificate is not configuration on Provisioning Server, therefore the Provisioning Server is unable to connect to IM server and establish the https connection for checking password quality.

Environment

Windows/Linux

Resolution

This issue is resolved by pointing to the Trusted Certificate Authority through the Provisioning Manager.

This is configured from the Provisioning Manager under:
SYSTEM\Domain Configuration\Identity Manager Server\Trusted CA Bundle parameter.

Edit this Parameter Value with the path to the Trusted Certificate Authority.

 

 

Note: Changing this parameter will require restarting ALL effected servers.

Additional Information

N/A