Unable to access ITPAM workflow in ServiceDesk Manager with SSL enabled.

Article ID: 269938


Updated On:

Products

CA Service Desk Manager; CA Service Management - Service Desk Manager; CA Process Automation Base

Issue/Introduction

After renewing the certificate in ITPAM, the following error appears in jstd.log when invoking PAM from SDM:

    05:37:36.174[Thread-3] ERROR ItpamWorkflow 575 Error getting definitions:
    AxisFault
     faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
     faultSubcode:
     faultString: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
     faultActor:
     faultNode:
     faultDetail:
        {http://xml.apache.org/axis/}stackTrace:java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
        at java.base/javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:263)
        at java.base/javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:277)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at com.ca.ServicePlus.pdm_rpc.proxies.ItpamService.ItpamServiceBindingStub.getStartRequestForms(ItpamServiceBindingStub.java:1764)

Environment

Service Management 17.3

Resolution

  1. Using a browser, download the certificate from the IT PAM URL. Save the file as a chain certificate with the CRT extension. Example filename: pam.crt.
  2. Copy the certificate file to the SDM NX_ROOT\bin directory.
  3. Take a backup of the NX_ROOT\NX.env file and the NX_ROOT\pdmconf\nx_keystore file.
  4. Edit the NX_ROOT\NX.env file to remove the NX_KEYSTORE_REF value by deleting the value after the "=" sign.
  5. Also delete the file NX_ROOT\pdmconf\nx_keystore.
  6. From the command prompt, go to NX_ROOT\bin and run the command: pdm_perl pdm_keystore_mgr.pl -import pam.crt
  7. Once step 6 is completed, check that NX.env has been updated with a value for NX_KEYSTORE_REF and that NX_ROOT\pdmconf\nx_keystore has been created.
  8. The Tomcat web server also needs a reference to the correct certificate, so update NX_ROOT\bopcfg\www\CATALINA_BASE\conf\server.xml with the updated keystore file.
    1. Execute this command to generate the keystore file: keytool -import -keystore casm.keystore -file pam.crt
    2. Update server.xml with the correct path to the keystore file.
  9. Updating Tomcat's server.xml requires a Tomcat restart.
  10. The rpc_srvr process is a Java process and uses the cacerts file from the SharedComponents JRE. Example folder location: C:\Program Files (x86)\CA\SC\JRE\11.0.3\lib\security\cacerts.
  11. Hence, make sure to update cacerts with the new certificate. Execute the command below to update cacerts (the keystore path contains spaces, so it must be quoted):

    keytool -importcert -alias itpam -file pam.crt -keystore "C:\Program Files (x86)\CA\SC\JRE\11.0.3\lib\security\cacerts"

  12. Restart the rpc_srvr process by executing the command: pdm_bounce rpc.

If the environment is Advanced Availability (AA), make sure NX.env has the correct keystore value. If version control is enabled, the NX.env values may get overwritten.
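
A check to run after steps 10 to 12, as an added example (not part of the original article or of the product's tooling): it compares the SHA-256 fingerprint of pam.crt with the entry stored under the itpam alias in cacerts, so a stale or wrong certificate in the trust store is easy to spot. The keytool.exe location and the KS_PASS variable name are assumptions; the cacerts path, file name and alias are taken from the steps above.

```powershell
# Added example: confirm the 'itpam' entry in cacerts is the certificate in pam.crt.
# $Keytool is an assumed location (bin folder of the JRE named in step 10).
$Keytool  = 'C:\Program Files (x86)\CA\SC\JRE\11.0.3\bin\keytool.exe'
$CaCerts  = 'C:\Program Files (x86)\CA\SC\JRE\11.0.3\lib\security\cacerts'
$CertFile = 'pam.crt'
$Alias    = 'itpam'

function Get-Sha256Fingerprint {
    param([string[]]$KeytoolOutput)
    # keytool prints one "SHA256: AA:BB:..." line per certificate (32 bytes = 95 chars).
    $KeytoolOutput |
        Select-String -Pattern 'SHA256:\s*([0-9A-Fa-f:]{95})' -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Groups[1].Value.ToUpper() }
}

# Prompt for the keystore password and hand it to keytool through an environment
# variable (KS_PASS, a name chosen here) so it never appears on the command line.
$secure = Read-Host -Prompt 'cacerts keystore password' -AsSecureString
$env:KS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    $fileOut = & $Keytool -printcert -file $CertFile
    if ($LASTEXITCODE -ne 0) { throw "keytool could not read ${CertFile}: $fileOut" }
    $storeOut = & $Keytool -list -v -alias $Alias -keystore $CaCerts '-storepass:env' KS_PASS
    if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' could not be read from cacerts: $storeOut" }
}
finally {
    Remove-Item Env:KS_PASS -ErrorAction SilentlyContinue
}

$fileFps  = @(Get-Sha256Fingerprint $fileOut)    # a chain file yields several
$storeFps = @(Get-Sha256Fingerprint $storeOut)
if ($fileFps.Count -eq 0 -or $storeFps.Count -eq 0) {
    throw 'No SHA256 fingerprint found in keytool output.'
}

# Show the validity window so a pre-renewal certificate is obvious (English keytool output).
$storeOut | Select-String -Pattern 'until:' | ForEach-Object { $_.Line.Trim() }

if ($fileFps -contains $storeFps[0]) {
    "MATCH: alias '$Alias' in cacerts is a certificate from $CertFile ($($storeFps[0]))"
} else {
    Write-Warning "MISMATCH: cacerts holds $($storeFps[0]); $CertFile contains $($fileFps -join ', ')"
}
```

Run it from NX_ROOT\bin, where pam.crt was copied in step 2, and compare the printed fingerprint with the one the browser shows for the IT PAM site.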

Additional Information

See also:

KB Article 9538: Enable Communications between Service Desk and ITPAM when ITPAM is SSL Enabled

Additionally, ensure caextwf_ws_password and caextwf_ws_user have the correct credentials in SDM under Administration > Options Manager > CA IT PAM Workflow.