Following the RU5 install, Insights integration with Jasper configured for SSL may cease to function. Prior to the RU update, the Insights integration was working fine.
Insights UI on the browser may show an error similar to:
ERROR: Document could not be retrieved due to an internal server error. Please contact the administrator.
The insightsMS.log in DEBUG mode may show entries such as the following:
DEBUG - 20XX -03-13 09:17:26 [application] - method [GET], Jasper URL [https://JASPER-SERVER:8443/jasperserver-pro/logout.html]
...
DEBUG - 20XX -03-13 09:17:27 [p.s.a.o.a.n.c.NettyConnectListener] - Trying to recover from failing to connect channel [id: 0x2c671ad9, L:0.0.0.0/0.0.0.0:56463] with a retry value of true
DEBUG - 20XX -03-13 09:17:27 [p.s.a.o.a.n.c.NettyConnectListener] - Failed to recover from connect exception: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target with channel [id: 0x2c671ad9, L:0.0.0.0/0.0.0.0:56463]
DEBUG - 20XX -03-13 09:17:27 [p.s.a.o.a.netty.handler.HttpHandler] - Unexpected I/O exception on channel [id: 0x2c671ad9, L:0.0.0.0/0.0.0.0:56463]
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
Release: 17.4 (upgraded to RU5)
The cacerts keystore in xFlow needs to be updated because the JRE changed with the RU5 upgrade.
In the existing documentation, the section "Adding JasperReports Certificate to Insights Trust Store" contains an instruction to update the cacerts keystore with the Jasper certificate. With release 17.4 RU5, AdoptOpenJDK 11.0.27 is present, and it has its own cacerts file that is specific to this new Java update.
Previous releases of 17.4 had been using older Java Runtime implementations, which have their own cacerts keystore files. You can view the cacerts files that are present in previous Java implementations that were used by xFlow in locations such as the following:
C:\Program Files\CA\SC\JRE\11.0.18\lib\security\cacerts
C:\Program Files\CA\SC\JRE\11.0.27\lib\security\cacerts
The idea is to add Jasper's certificate to the cacerts of the later JRE that was introduced. The equivalent of the instruction in the existing documentation, applied to the latest JRE introduced by 17.4 RU5:
keytool -importcert -alias <aliasname> -file <Selected Path>/<filename>.crt -keystore ..\lib\security\cacerts
You can use the keytool command to view the contents of any cacerts, to verify that the Jasper certificates exist in the older cacerts and need to be added to the later cacerts.
Sample keytool command to view contents of a cacerts keystore:
keytool -list -v -keystore "C:\Program Files\CA\SC\JRE\11.0.27\lib\security\cacerts"
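To find which trust entries did not carry over to the new JRE, the two cacerts files can be compared by certificate fingerprint. The script below is an added example, not part of the product documentation; it assumes keytool.exe sits under the 11.0.27 JRE's bin folder, that both keystores still use the JDK default password "changeit", and that keytool prints English output.

```powershell
# Added example: list certificates trusted by the old JRE's cacerts that are
# absent from the cacerts of the JRE introduced by 17.4 RU5.
$oldStore  = 'C:\Program Files\CA\SC\JRE\11.0.18\lib\security\cacerts'
$newStore  = 'C:\Program Files\CA\SC\JRE\11.0.27\lib\security\cacerts'
$keytool   = 'C:\Program Files\CA\SC\JRE\11.0.27\bin\keytool.exe'  # assumed location
$storePass = 'changeit'                                            # assumed JDK default

function Get-TrustEntries {
    param([string]$Keystore)
    # Non-verbose -list prints each entry as two lines:
    #   <alias>, <date>, trustedCertEntry,
    #   Certificate fingerprint (SHA-256): AA:BB:...
    $lines = & $keytool -list -keystore $Keystore -storepass $storePass
    if ($LASTEXITCODE -ne 0) { throw "keytool failed for ${Keystore}" }

    $entries = @{}      # fingerprint -> alias
    $alias = $null
    foreach ($line in $lines) {
        $text = [string]$line
        if ($text -match '^(.+?), .*trustedCertEntry') {
            $alias = $Matches[1]
        } elseif ($alias -and $text -match 'fingerprint \(SHA-?256\): ([0-9A-Fa-f:]+)') {
            $entries[$Matches[1].ToUpper()] = $alias
            $alias = $null
        }
    }
    return $entries
}

$old = Get-TrustEntries $oldStore
$new = Get-TrustEntries $newStore

# Compare by fingerprint rather than alias, so a certificate that was
# imported under a different alias in the new store is not reported.
$missing = $old.GetEnumerator() | Where-Object { -not $new.ContainsKey($_.Key) }

if (-not $missing) {
    'Every certificate in the old cacerts is present in the new cacerts.'
} else {
    $missing | Sort-Object Value | ForEach-Object {
        '{0,-40} {1}' -f $_.Value, $_.Key
    }
}
```

The output can also include public root CAs that the newer JRE no longer bundles; the entry to act on is the alias under which the Jasper certificate was originally imported.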