Logged into ARA GUI but are getting error when trying to view the ARA Workflow Design Screen.
Article ID: 89786
Updated On:
Products
Issue/Introduction
Logged into ARA GUI but are getting error when trying to view the ARA Workflow Design Screen.
Environment
Component: ARLSMG
Resolution
Symptoms
Logged into ARA GUI but are getting error when trying to view the ARA Workflow Design Screen.
It show that the components cannot be loaded. There is no connection to the Deployment Manager.
Within the ARA logs it show the following:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Cause
Using HTTPS but are missing the SSL certificate
Resolution
Add the root & intermediate CA's cert of the ARA server to the local truststore (or to the JVM)
Registering the CA cert of the certificate you are using with the JVM (try first with a local truststore, if that doesn't work with the JVM CA Cert list):
First download the Cert as seen by an HTTP client: Open RM in Chrome or Firefox.
In Chrome: Right click the lock icon, Connection -> Certificate information -> Certification path -> Choose the CA cert -> View Certificate and export it to a file. (Screenshot shows our Jira instance as an example)
In Firefox:
Double click the lock icon, Security -> View Certificate -> Details. Choose the CA cert and export.
OK, so now you have the certificate ARA will see. Please first try installing it in a local truststore. You can discard the file that comes with ECC and run the same command you got:
keytool -import -v -trustcacerts -alias <alias> -file alm.cer -keystore <truststoreName> -storepass <password>
It will ask you for a (new) password and create a new truststore for you. Enter the information into the ECC configuration.properties
truststore=yourNewTruststoreFile
tuststorePassword=¬¬101231ABCABC
(the encrypted password is obviously an example).
Please restart tomcat and retry.
If that doesn't work, import the same Cert into the global JVM CA Cert file.
Below is link to an example that describes doing the same thing as described above for Adding a Certificate to the Java CA Certificates Store
Add the ECC truststore to the JVM truststore (just be sure to modify the certs for the JVM that's actually used).
http://www.windowsazure.com/en-us/develop/java/common-tasks/add-a-certificate-to-ca-store/
Feedback
