If Service Desk Manager is configured for SSL you may run into a situation where the Service Desk Manager Connector fails to connect successfully.  Connectors are often used in SOAP WSDL applications such as GRLoader or PAM

You may see errors logged similar to:

14:48:56.022 ERROR GRLoader 297 nested exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: timestamp check failed

14:48:56.022 INFO GRLoaderInitializer 40 GRLoader initialization returned value :1

14:48:56.131 INFO TCP_port 1581 TCP_port wait interrupted

14:48:56.240 FATAL ConnectorHelper 180 Unable to connect to Service Desk Manager.
com.ca.sdm.connector.grloader.GRLoaderInitializationException: GRLoader

Initialization Failed. Please check the GRLoader parameters and try Again.

CA Service Desk Manager - 17.x

To resolve the SSLHandshakeException error the SSL certificate from Service Desk Manager must be imported into the cacerts associated with the Service Desk Manager Connector.

1. Open a web browser, and access the webservice url (for example https://[EXAMPLE-SDM-SERVER]:8443/axis/services/USD_R11_WebService)
   
   
2. From the browser, export the https certificate and save it to the local machine (for example, save as: C:\sdm.crt)
   
   
3. Copy the sdm.crt file to the server and with a command prompt (running as Administrator) navigate to the Service Desk Manager Connector java folder, this will typically be

"C:\Program Files (x86)\CA\Catalyst\CatalystConnector\...”

If the Connector was installed using the 32-bit Java enter the JRE directory

If the Connector was installed using the 64-bit Java enter the JRE-64 directory

Note: If the 32-bit Java was selected during the install process only the “JRE” folder will be present

4.    Run the following command:

keytool -import -keystore lib\security\cacerts -file c:\sdm.crt

Note:  The above command should import the c:\sdm.crt certificate to the JRE_HOME\lib\security\cacerts  keystore.  JRE_HOME refers to the 32-bit or 64-bit JRE as mentioned above.

5.      When prompted for a password, use the default which is "changeit".

6.      Restart the Service Desk Manager Connector services.

The keytool command is provided in all JRE/JDK implementations.  One may need to provide the path the binary as a prefix to the command, ie:

c:\java\bin\keytool.exe -import -keystore lib\security\cacerts -file c:\sdm.crt

For detailed usage of keytool you may refer http://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html

The other thing to be aware of is that one may also need to acquire the CA certificate and import it into the above cacerts file.  The CA Certificate is NOT the same thing as the SSL certificate that is used to enable SSL communication; it is the certificate that identifies the "CA" or Certificate Authority which has signed/validated the SSL certificate itself.  Information on obtaining the CA Certificate may be found here.