search cancel

Changing Global User password on Provisioning Manager end up with Error - [rc=60] error setting certificate verify locations


Article ID: 4028


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


We enabled the setting "Use External Password Policies" on Provisioning Server, and recently we changed the inbound notification URL to a https url.

Then when we modify a Global User through the Provisioning Manager, the following error is encountered: 

IM Provisioning Manager 
:ETA_E_0007<MGU>, Global User 'TestUser' modification failed: PMC_VALIDATE_PASSWORD: Rc: 3. FAILED( https://specific environment URL:port/idm/ETACALLBACK/?env 
[rc=60] error setting certificate verify locations: 
CAfile: Not assigned 
CApath: none





The issue is due to the Trusted CA Certificate is not configuration on Provisioning Server, therefore the Provisioning Server is unable to connect to IM server and establish the https connection for checking password quality.


This issue is resolved by pointing to the Trusted Certificate Authority through the Provisioning Manager.

This is configured from the Provisioning Manager under:
SYSTEM\Domain Configuration\Identity Manager Server\Trusted CA Bundle parameter.

Edit this Parameter Value with the path to the Trusted Certificate Authority.



Note: Changing this parameter will require restarting ALL effected servers.

Additional Information