Azure plugin connection fails in Aria Automation/Orchestrator with SSL handshake error

Article ID: 419245

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When attempting to configure an Azure connection using the Azure plugin in Aria Automation or Aria Orchestrator (e.g., version 8.18.1 U3), the connection validation fails and reports an "Error validating connection".

Upon checking the /services-logs/prelude/vco-app/file-logs/vco-server-app.log file, the following specific SSL Handshake Exception is found, indicating a problem with the trusted certificate chain:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Note: The workflow log will show the clientSecret input as __NULL__. This is expected behavior: for security reasons, a SecureString input is shown this way after a workflow completes. It is not the cause of the connection failure.

Environment

  • Product: Aria Automation and/or Aria Orchestrator (vRealize Orchestrator).
  • Version: 8.18.1 U3
  • Component: Azure plugin (Workflow: Add an Azure connection).

Cause

The root cause is a PKIX path building failure. The Orchestrator fails the SSL handshake because it does not trust the certificate presented by the Azure management endpoint: the certificate is either not present in the Orchestrator's trusted keystore or not correctly chained there.

Resolution

The Azure endpoint certificate needs to be correctly imported into the trusted store to resolve the SSL Handshake Exception.

  1. Re-run the Azure connection workflow.
  2. In the Input form for the workflow, set the input field for silently accepting the certificate to true (the checkbox may be labeled similar to "If set to true, the certificate is accepted silently and the certificate is added to the trusted store").
  3. Click Submit to run the workflow and attempt to create the connection. This action forces the Orchestrator to import the necessary certificate into its trusted store.
  4. Verify the certificates in the CA Keystore:
    • Navigate to Inventory -> Configuration -> Keystores -> CA keystore.
    • If you find any unexpected or older certificates for the Azure endpoints, run the "Delete certificate" workflow to remove them.
    • Once confirmed, re-run the connection workflow (Steps 1-3) to ensure the current, correct certificate is installed.
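
Because the silent-accept option in step 2 adds whatever certificate the endpoint presents to the trusted store, it helps to record that certificate's SHA-256 fingerprint and compare it with a reference fingerprint obtained separately before or after the import. The Python script below is an added example, not part of the original article or of the Azure plugin; its function names, the constructed sample bytes and the command-line arguments are assumptions of this example.

```python
import hashlib
import socket
import ssl
import sys

# Constructed stand-in bytes, not a real certificate; used only for the offline demo.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def fingerprint_sha256(pem: str) -> str:
    """SHA-256 over the DER encoding, as lowercase hex without separators."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex and return plain lowercase hex."""
    return "".join(c for c in fingerprint.lower() if c in "0123456789abcdef")


def same_certificate(pem: str, reference_fingerprint: str) -> bool:
    """True when the PEM's fingerprint equals the separately obtained reference."""
    return fingerprint_sha256(pem) == normalize(reference_fingerprint)


def fetch_presented_pem(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Return the leaf certificate the endpoint presents from this network position.

    Verification is off only so the certificate can be read and inspected even
    when the chain is untrusted; no application data is sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


if __name__ == "__main__":
    # Usage: script.py <host> <reference-sha256-fingerprint>
    # Without arguments, run against the constructed sample instead of the network.
    if len(sys.argv) == 3:
        pem = fetch_presented_pem(sys.argv[1])
        verdict = "MATCH" if same_certificate(pem, sys.argv[2]) else "MISMATCH"
        print(fingerprint_sha256(pem), verdict)
    else:
        print("sample fingerprint:", fingerprint_sha256(SAMPLE_PEM))
```

Run it from a host on the same network path as the Orchestrator so that it sees the same certificate the plugin would import.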

Additional Information

This issue is often misdiagnosed because the SecureString input is logged as __NULL__. That log entry is a security feature, not the cause of the error.