HTTP Job Fails with SSLHandshakeException: Certificate chaining error

Article ID: 440612


Products

Workload Automation Agent

Issue/Introduction

An HTTP job fails in AutoSys with the following error in the agent log or autosyslog output:

Request execution failure because of an SSLHandshakeException Exception
javax.net.ssl.SSLHandshakeException: Certificate chaining error
Caused by: sun.security.validator.ValidatorException: Certificate chaining error
HTTP Request failed. Reason: Status Text(SSLHandshakeException:Certificate chaining error). Status Code(-1).

Other HTTP jobs running on the same agent to different endpoints may succeed (e.g., returning Code:200 Status: OK).

Environment

  • Component: Workload Automation Agent (System Agent)
  • Job Type: HTTP

Cause

The Workload Automation Agent's Java runtime environment (JRE) does not trust the SSL/TLS certificate chain provided by the target HTTP endpoint. This typically occurs because the root or intermediate CA certificates are missing from the agent's Java keystore (cacerts).

Resolution

To resolve this issue, configure the agent to automatically accept and import new CA certificates by modifying the agent parameters.

  1. Navigate to the agent installation directory.
  2. Open the agentparm.txt file.
  3. Add the following parameter:
    https.client.ssl.accept_new_ca=true
  4. Save the file.
  5. Restart the Workload Automation Agent service.
  6. Rerun the failing HTTP job.

Alternative Resolution (Manual Import)

If security policies prevent automatic certificate acceptance, manually import the certificate using the Java keytool utility:

  1. Obtain the certificate (.cer or .pem) from the target URL.
  2. Run the following command from the agent's jre/bin directory. For example:
    ./keytool -import -trustcacerts -keystore ../lib/security/cacerts -storepass changeit -alias target_host_alias -file /path/to/certificate.cer
  3. Restart the agent.
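
The manual import above adds a trust anchor to the agent's JRE, so it is worth confirming that the file from step 1 is the certificate you expect before it goes into cacerts. The following is an added example, not part of the original article or the agent product: it compares the certificate's SHA-256 fingerprint with a value obtained out of band (for example from the endpoint owner), refuses to reuse an existing alias, and backs up the keystore before importing. The function names, the `KEYTOOL` variable and the `.bak` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: fingerprint-checked import into the agent JRE truststore.
# KEYTOOL and all function names are assumptions of this example.
KEYTOOL="${KEYTOOL:-./keytool}"   # run from the agent's jre/bin directory

# Normalise a fingerprint for comparison: drop colons/whitespace, upper-case hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint that keytool reports for a certificate file.
cert_sha256() {
    "$KEYTOOL" -printcert -file "$1" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# verified_import CERT EXPECTED_SHA256 ALIAS KEYSTORE STOREPASS
# Returns 0 after import, 2 on fingerprint mismatch, 3 if the alias already
# exists, 1 on any other failure. Nothing is written unless the checks pass.
verified_import() {
    cert=$1 expected=$2 name=$3 ks=$4 pass=$5
    actual=$(cert_sha256 "$cert") || return 1
    [ -n "$actual" ] || { echo "no SHA256 fingerprint read from $cert" >&2; return 1; }
    if [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
        echo "fingerprint mismatch, not importing: got $actual" >&2
        return 2
    fi
    # keytool -list exits non-zero when the alias is not in the keystore.
    if "$KEYTOOL" -list -keystore "$ks" -storepass "$pass" -alias "$name" >/dev/null 2>&1; then
        echo "alias $name already present in $ks" >&2
        return 3
    fi
    cp -p "$ks" "$ks.bak" || return 1   # keep a copy to roll back to
    # -noprompt is acceptable here because the fingerprint was checked above.
    "$KEYTOOL" -import -trustcacerts -noprompt -keystore "$ks" \
        -storepass "$pass" -alias "$name" -file "$cert"
}

# Example call (placeholder fingerprint, paths as in the article):
# verified_import /path/to/certificate.cer "<expected SHA-256>" \
#     target_host_alias ../lib/security/cacerts changeit
```

A return code of 2 means the file does not match the expected certificate and the keystore was left untouched.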