SOI CU4 SSL Integration between SOI and SDM issue.

Article ID: 252650

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

The SSL Integration between SOI and SDM is not working after SOI 4.2 CU4 upgrade. The Service Desk is running with version 17.3.

The following error message occurs:

Error in log: unable to find valid certification path to requested target

The service desk is running.

 

Is this a known problem?

Environment

Release : SOI 4.2 CU4

Service Desk: 17.3

Cause

Previously, the keystore and the truststore were the same. After some security-related issues were fixed, problems such as the SSL integration issue described in this case are being seen.
For the next (CU5) release, engineering is working on separating the truststore and keystore, which will further enhance security.

Resolution

Import the SDM certificate on the SOI side:

1. Import the SDM certificate into \CA\SOI\jre-64\lib\security\cacerts
2. Restart the SOI Manager.

Additional Information

Example: 

Import the certs to \CA\SOI\jre-64\lib\security\cacerts
 
C:\Program Files (x86)\CA\SOI\jre-64\lib\security>"C:\Program Files (x86)\CA\SOI\jre-64\bin\keytool.exe" -import -alias SDM -file hostname.domain.com.crt -keystore cacerts
Enter Keystore password:
Owner: CN=XXXXXXXXX.bxx.xxxxxm.net
Issuer: CN=XXXXXXXXX.bxx.bxxxxxxm.net
 
Serial number: 7xxxxbe
Valid from: Tue Sep 13 19:17:58 EDT 2022 until: Wed Sep 13 19:17:58 EDT 2023
Certificate fingerprints:
         SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
         SHA256: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: lNNNNNN.bpc.broadcom.net
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5E E4 B8 06 XX XX XX XX   C1 XX XX XX XX XX 0A C8  ^.. ...m...
0010: F8 85 12 C1                                        ....
]
]

Trust this certificate? [no]:  yes
The certificate was added to Keystore
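
The import above, wrapped with the checks an administrator would want before answering "yes" to the trust prompt: fingerprint verification, an expiry warning, a truststore backup and a post-import listing. This is an added example, not part of the original article or the product; the certificate file location and the expected fingerprint are placeholders to be replaced with values obtained from the SDM administrator.

```powershell
# Added example. Run from an elevated PowerShell prompt on the SOI Manager host.
# JRE paths and the alias follow the article; $CertFile and $Expected are placeholders.
$JreHome  = 'C:\Program Files (x86)\CA\SOI\jre-64'
$Keytool  = Join-Path $JreHome 'bin\keytool.exe'
$CaCerts  = Join-Path $JreHome 'lib\security\cacerts'
$Alias    = 'SDM'
$CertFile = 'C:\temp\hostname.domain.com.crt'                    # placeholder path
$Expected = '<SHA-256 fingerprint supplied by the SDM admin>'    # placeholder, AA:BB:... form

# 1. Compute the SHA-256 fingerprint of the file and compare it with the value
#    received out of band. Importing a certificate makes SOI trust whoever holds
#    its private key, so a mismatch must stop the procedure.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ':'
if ($actual -ne $Expected.Trim().ToUpper()) {
    throw "Fingerprint mismatch: file has $actual. Certificate not imported."
}

# 2. Warn when the certificate is close to expiry: once it expires or is
#    replaced on the SDM side, the same certification path error returns.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter). Plan a re-import."
}

# 3. Keep a timestamped copy of the truststore so the change can be rolled back.
$Backup = "$CaCerts.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
Copy-Item -Path $CaCerts -Destination $Backup

# 4. Import. -importcert is the current name of the -import option used in the
#    article. -noprompt skips the "Trust this certificate?" question, which is
#    acceptable here only because step 1 already verified the fingerprint.
#    keytool still prompts for the keystore password.
& $Keytool -importcert -alias $Alias -file $CertFile -keystore $CaCerts -noprompt
if ($LASTEXITCODE -ne 0) {
    throw "keytool import failed. Original truststore saved as $Backup."
}

# 5. Confirm the entry exists and shows the same fingerprint as step 1.
& $Keytool -list -alias $Alias -keystore $CaCerts

# 6. Restart the SOI Manager so it reloads the truststore (step 2 of the Resolution).
```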