com.uc4.be.gui.remote.CITGuiException: com.uc4.be.gui.remote.CITGuiException: java.lang.RuntimeExce
Article ID: 90387
Updated On:
Products
CA Automic Workload Automation - Automation Engine
Issue/Introduction
com.uc4.be.gui.remote.CITGuiException: com.uc4.be.gui.remote.CITGuiException: java.lang.RuntimeExce
Environment
Release: AUTOME99000-2.0-Automic-Oracle Retail MOM-Enterprise Edition
Component:
Component:
Resolution
Investigation
The customer has followed the manual steps for setting up SSL from the documentation under 2.7 Manually Setting Up SSL:
To set up SSL, get the x509 certificate from the application server, convert it to binary if it is text, and import the certificate into the cacerts file of the JRE. SSL authentication is not RA functionality, it is provided by the JVM infrastructure. In upcoming releases we will provide SSL certification management as part of the RA solution.
To successfully connect using SSL to a service:
1. Get the x509 certificate from the application server (FTPS server, HTTPS Web Service, etc.).
2. If the certificate file is text, issue the following command to convert it to binary format:
openssl x509 -in "absolute path name for the cert file" -out cert.der
-outform DER
3. Use the following command to import the certificate into the cacerts file of the JRE:
keytool -import -v -alias serverCert -file cert.der -keystore "<path for the cacerts file for your JRE>"
To set up SSL, get the x509 certificate from the application server, convert it to binary if it is text, and import the certificate into the cacerts file of the JRE. SSL authentication is not RA functionality, it is provided by the JVM infrastructure. In upcoming releases we will provide SSL certification management as part of the RA solution.
To successfully connect using SSL to a service:
1. Get the x509 certificate from the application server (FTPS server, HTTPS Web Service, etc.).
2. If the certificate file is text, issue the following command to convert it to binary format:
openssl x509 -in "absolute path name for the cert file" -out cert.der
-outform DER
3. Use the following command to import the certificate into the cacerts file of the JRE:
keytool -import -v -alias serverCert -file cert.der -keystore "<path for the cacerts file for your JRE>"
Solution
There are step-by-step instructions for getting past this error.
1. Connect to a URL that requires a certificate:
If you try to create a new adapter for an RA solution (e.g. WebServices, VMWare, etc) that requires a certificate, you get the following error message:
Go to the webpage and copy the certificate into a file.
The screenshots below demonstrate how to import the certificate into a file using Internet Explorer:
The next step is to find out which java version is used.
For example, this agent is started via the ServiceManager Dialog and uses the java listed below:
C:\Program Files\Java\jdk1.6.0_16\bin\
Now search for a file named 'cacerts' in the java directory that runs this agent. In this example it is found in the follow directory:
C:\Program Files\Java\jdk1.6.0_16\jre\lib\security
and run the following command line to import the certificate:
keytool -importcert -file c:\Acumen.cer -keystore cacerts
You can use 'changeit' as keystore password (that is a default password).
C:\Program Files\Java\jdk1.6.0_16\jre\lib\security>keytool -importcert -file c:\Acumen.cer -keystore cacerts
Enter the keystore password:
Owner: [email protected], CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US
Issuer: [email protected], CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US
Serial number: debf4656cc942184
Valid from: Tue Mar 02 07:39:14 PST 2010 until: Wed Mar 02 07:39:14 PST 2011
Certificate fingerprints:
MD5: B3:BF:73:2C:62:25:B3:18:6F:8B:B8:35:5C:B8:94:58
SHA1: F7:6E:A2:42:2C:30:AF:C2:FF:86:E8:F9:D6:3C:EB:D0:16:E3:BD:A0
Signature algorithm name: SHA1withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
The import is done and the agent can connect to the URL specified in the RA agent .
If you're interested in a more detailed description ?
http://java.sun.com/javase/6/docs/technotes/tools/solaris/keytool.html
1. Connect to a URL that requires a certificate:
<Please see attached file for image>
<Please see attached file for image>
If you try to create a new adapter for an RA solution (e.g. WebServices, VMWare, etc) that requires a certificate, you get the following error message:
<Please see attached file for image>
Go to the webpage and copy the certificate into a file.
The screenshots below demonstrate how to import the certificate into a file using Internet Explorer:
<Please see attached file for image>
<Please see attached file for image>
<Please see attached file for image>
<Please see attached file for image>
<Please see attached file for image>
The next step is to find out which java version is used.
For example, this agent is started via the ServiceManager Dialog and uses the java listed below:
C:\Program Files\Java\jdk1.6.0_16\bin\
Now search for a file named 'cacerts' in the java directory that runs this agent. In this example it is found in the follow directory:
C:\Program Files\Java\jdk1.6.0_16\jre\lib\security
and run the following command line to import the certificate:
keytool -importcert -file c:\Acumen.cer -keystore cacerts
You can use 'changeit' as keystore password (that is a default password).
C:\Program Files\Java\jdk1.6.0_16\jre\lib\security>keytool -importcert -file c:\Acumen.cer -keystore cacerts
Enter the keystore password:
Owner: [email protected], CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US
Issuer: [email protected], CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US
Serial number: debf4656cc942184
Valid from: Tue Mar 02 07:39:14 PST 2010 until: Wed Mar 02 07:39:14 PST 2011
Certificate fingerprints:
MD5: B3:BF:73:2C:62:25:B3:18:6F:8B:B8:35:5C:B8:94:58
SHA1: F7:6E:A2:42:2C:30:AF:C2:FF:86:E8:F9:D6:3C:EB:D0:16:E3:BD:A0
Signature algorithm name: SHA1withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
The import is done and the agent can connect to the URL specified in the RA agent .
If you're interested in a more detailed description ?
http://java.sun.com/javase/6/docs/technotes/tools/solaris/keytool.html
Feedback
Yes
No
Powered by
