Unable to set up SSL based Spectrum as a Data Source in NetOps Performance Manager
search cancel

Unable to set up SSL based Spectrum as a Data Source in NetOps Performance Manager


Article ID: 4917


Updated On:


CA Spectrum DX NetOps CA Performance Management - Usage and Administration


This problem is encountered when Spectrum is configured to use SSL for web server access.

This problem can be seen regardless of CA Performance Manager's (CAPM) SSL support or configuration.


This might be observed in the CAPM web UI, when trying to Test the new Data Source. It would show:

"Data Source Test Failed 

Data source communication failure" 


When this error is observed we normally see a related error printed to the caperfcenter_console services log, the PCService.log. It is found, in a default installation, in /opt/CA/PerformanceManager/PC/logs. Per PCService.log when reproducing the failed connection test we should see: 


INFO | qtp1535531313-128695 | 2016-11-30 09:04:40,243 | com.ca.im.portal.api.services.datasource.DataSourcePoll 

| Test DataSource: Spectrum Infrastructure Manager@<IP_Address> 

INFO | qtp1535531313-128695 | 2016-11-30 09:04:40,247 | org.apache.cxf.service.factory.ReflectionServiceFactoryBean 

| Creating Service {http://netqos.com/DataSourceWS}IDataSourceWSService from class com.ca.im.portal.api.datasources.interfaces.datasourcews.IDataSourceWS 

ERROR | qtp1535531313-128695 | 2016-11-30 09:04:40,310 | com.ca.im.portal.api.services.datasource.DataSourcePoll 

| Received WebServiceException from version check for data source Spectrum Infrastructure Manager@<IP_Address>. CAUSE=javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<IP_Address>:443/axis2/services/DataSourceWS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. MESSAGE=Could not send Message.. Returning DS_COMM_FAILURE result. 


Taking that a step further, attempting to run the URL in the error from PCService.log here in a new browser tab:


It presents a request that we accept the page due to the system not being able to validate the SSL certificate presented as trusted. If we select to accept the page without a loaded certificate in the browser we see: 

"This XML file does not appear to have any style information associated with it. The document tree is shown below. 

<soapenv:Reason xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> 

<soapenv:Text xml:lang="en-US"> 

The endpoint reference (EPR) for the Operation not found is /axis2/services/DataSourceWS and the WSA Action = null. If this EPR was previously reachable, please contact the server administrator. 




Spectrum integrated with CAPM


The Spectrum OneClick web server was not responding properly due to lack of SSL certificate from Spectrum loaded into NetOps Portal


Export the SSL Certificate loaded into Spectrum; Import the SSL Certificate into NetOps Portal; restart the NetOps Portal services.


Step 1:

Export the certificate from Oneclick server

Login to oneclick server

cd $SPECROOT/Java/bin

keytool -export -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -file /tmp/tomcat.cer

tomcat.cer file will be created in /tmp folder


Step 2:

Copy the certificate from Oneclick server to CAPM server on a /tmp dir


Step 3:

Login to CAPM server and import the certificate

./keytool -import -alias tomcatssl -keystore /opt/CA/jre/lib/security/cacerts -file /tmp/tomcat.cer

it will prompt you whether to store (Yes / No).