The following error appears in the Unified Self-Service (USS) application when testing the CA Service Desk datasource over SSL with a CA certificate:
Error connecting to ServiceDesk Manager REST URL
In the Liferay logs, in debug mode, the following message appears:
WARN [ExternalSourceData:313] Error occurred while testing of the WADL: https://<hostname>:<SSL port>/caisd-rest/rest_access/?_wadl javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This error occurs because not all certificates of the chain have been imported into the JRE used by Unified Self-Service.
1. Download the SSL certificates for the CA SDM website using a web browser. Once you are on the CA SDM page, click on the security padlock in the URL and select 'View Certificates'.
2. Copy the certificate in BASE64 format to this directory on the USS server: C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\lib\security
3. If the certificate is a vendor-issued certificate, make sure to save all the certificates in the certificate chain in the same format. Save them under different file names so it is clear which certificate is in which file.
4. On the USS server, open a command prompt, set JAVA_HOME and change to the JRE bin directory as shown below:
set JAVA_HOME="C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre"
cd "C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\bin"
5. Take a backup of this file: C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\lib\security\cacerts
6. Import each certificate under a different alias by using the following command:
keytool -import -trustcacerts -alias server -file "C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\lib\security\server.cer" -keystore "C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre\lib\security\cacerts" -storepass changeit
Note: the default password for the cacerts keystore is 'changeit'.
7. Repeat the above process to import all certificates in the certificate chain. Each certificate needs a different alias in step 6. For example: alias root for the RootCA certificate and alias intermediate for the intermediate authority certificate.
8. Once all certificates are imported, restart USS Tomcat via the Windows Services Control Panel.
9. Open a web browser and go to CA USS URL -> Administration -> Data sources
10. Use the appropriate HTTPS URL for the Base and REST items in the CA SDM datasource.
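Steps 5 to 7 can be run as one PowerShell script that first checks whether the exported files form a complete chain, which is the cause of the PKIX error above. This is an added example, not CA's own tooling; it assumes every certificate was saved as a .cer file in the jre\lib\security directory and that the file name is used as the alias.

```powershell
# Added example, not CA's tooling. Paths and the 'changeit' password come from the
# article; taking the alias from the file name (root.cer -> "root") is an assumption.
# Assumes an elevated PowerShell prompt so cacerts under Program Files is writable.
$jre     = 'C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\jre'
$keytool = Join-Path $jre 'bin\keytool.exe'
$secDir  = Join-Path $jre 'lib\security'
$cacerts = Join-Path $secDir 'cacerts'
$pass    = 'changeit'

# Load every Base64 .cer file saved in steps 2 and 3.
$certs = @(Get-ChildItem -Path $secDir -Filter *.cer | ForEach-Object {
    [pscustomobject]@{
        Alias = $_.BaseName.ToLower()
        Path  = $_.FullName
        Cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $_.FullName
    }
})
if ($certs.Count -eq 0) { throw "No .cer files found in $secDir" }

# Chain check: each non-self-signed certificate should have its issuer among the files.
$subjects = @($certs | ForEach-Object { $_.Cert.Subject })
foreach ($c in $certs) {
    $x = $c.Cert
    "{0}: subject=[{1}] issuer=[{2}] SHA1={3} notAfter={4:yyyy-MM-dd}" -f $c.Alias, $x.Subject, $x.Issuer, $x.Thumbprint, $x.NotAfter
    if ($x.Issuer -ne $x.Subject -and $subjects -notcontains $x.Issuer) {
        Write-Warning "Issuer of '$($c.Alias)' was not exported; unless it is already in cacerts the chain is incomplete."
    }
    if ($x.NotAfter -lt (Get-Date)) { Write-Warning "'$($c.Alias)' has expired." }
}

# Step 5: back up the truststore before changing it.
Copy-Item -Path $cacerts -Destination "$cacerts.$(Get-Date -Format yyyyMMdd-HHmmss).bak"

# Steps 6 and 7: import each certificate under its own alias, then list the new entry.
foreach ($c in $certs) {
    & $keytool -import -trustcacerts -alias $c.Alias -file $c.Path -keystore $cacerts -storepass $pass
    if ($LASTEXITCODE -ne 0) { throw "keytool failed for alias '$($c.Alias)'" }
    & $keytool -list -alias $c.Alias -keystore $cacerts -storepass $pass
}
```

Compare the printed SHA1 thumbprints with the fingerprints shown in the browser's certificate viewer before answering keytool's trust prompt.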
How to configure CA Unified Self Service (USS) to connect to HTTPS based Service Catalog/Service Desk