After Configuring Spectrum for SSL it now shows "Unable to Contact" in the CAPC data source list

Document ID : KB000032485
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

After configuring Spectrum to use SSL, while CAPC is not configured to use SSL, the Spectrum data source shows as "Unable to Contact" in the CAPC data source list

In the PCService.log you will see an error that looks like this:

ERROR | qtp559824849-30    | 2015-01-09 12:04:09,957 | com.ca.im.portal.api.services.datasource.DataSourcePoll          

 

      | Received WebServiceException from version check for data source Spectrum Infrastructure Manager@xxx.xxx.xx.xx.  CAUSE=javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://xxx.xxx.xx.xx:8443/axis2/services/DataSourceWS: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. MESSAGE=Could not send Message..  Returning DS_COMM_FAILURE result.

 

Environment:

All CAPC environments

All Spectrum environments

 

Cause:

The Spectrum SSL cert has not been imported into the CAPC keystore

 

Resolution:

To resolve this issue you must import the Spectrum SSL cert into the CAPC keystore:

After configuring Spectrum to use SSL take the $SPECROOT/custom/keystore/cacerts file and move it over to the CAPC server. You can put it in the /opt/CA/jre/lib/security/ directory on the CAPC server  The cacerts file is the Spectrum keystore file to which certs are imported for configuring SSL.  Now do the following:

  1. Log on to the CAPC
  2. cd /opt/CA/jre/bin/
  3. Run the following command:  ./keytool -keystore /opt/CA/jre/lib/security/cacerts -storepass <password> -alias <alias> -importcert -file <cert name>.cer  -trustcacerts
  4. Kick off a full synch of the Spectrum data source

The Spectrum data source should now successfully synch in CAPC