After setting WebView property introscope.webview.enterprisemanager.rest.base to use secure EM Web Server on login to Team Center receive map error 503 and WebView log shows 'java.security.cert.CertificateException: No name matching localhost found'

Document ID : KB000033521
Last Modified Date : 14/02/2018
Show Technical Document Details

Symptoms:

After setting WebView property introscope.webview.enterprisemanager.rest.base to use secure EM Web Server eg. https://localhost:8444/apm/appmap when login to Team Center via the unsecure WebView port e.g. http://localhost:8080 receive error "Error retrieving the map. Status code: 503". At the same time the WebView log shows message 'java.security.cert.CertificateException: No name matching localhost found'

 

Cause:

Java is checking the DNS name used in the URL against the Certificate Name (CN) stored in the EM Web Server keystore for the certificate alias being used by the EM Web Server and if it does not find a match it will issue the above message

 

 

Resolution:

1.  Normally it would be standard practice to enable the secure Connector for the WebView web server as well as the EM Web Server. If that is done then when login into Team Center with the secure URL e.g. https://localhost:8443 the problem will not occur (the certificate validation for the DNS name is then effectively disabled because the SSL connector in JVM code is invoked)

 

2. If enabling secure WebView is no wanted the steps from these 2 links will also resolve the problem:

http://java.globinch.com/enterprise-java/security/fix-java-security-certificate-exception-no-matching-localhost-found/

http://java.globinch.com/enterprise-java/security/pkix-path-building-failed-validation-sun-security-validatorexception/

a. Per link #1 use keytool to create new EM_HOME/config/internal/server/keystore and key with alias “wily”. On the prompt set first name/last name set to be “localhost” (maps to CN value) 

That step alone will not resolve the the 503 error and WebView log will show:

[ERROR] [WebView] Unable to establish connection with remote resource at https://localhost:8081/apm/appmap/private/permission! 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

b. Per link #2 export the “wily” key as a cert file from EM_HOME/config/internal/server/keystore & import into the file EM_HOME\jre\lib\security\cacerts 

c. Restart WebView, login to Team Center and the problem should be resolved.