Agent Reports SSL Handshake Failure

Document ID : KB000038309
Last Modified Date : 28/08/2018
Show Technical Document Details
Issue:

An action or process fails to execute on an agent. Reviewing the log files reveals the following error:

ERROR (com.nolio.nimi.comm.impl.nettysupport.BasicHandler:57) - NimiConnectionImpl{remoteAddress=null, localAddress=null, connectionID=null, channel=null, closed=true, lastAccessedTime=1454818109187}:javax.net.ssl.SSLException: Received fatal alert: handshake_failure
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
 

Environment:
CA Release Automation 5.x and 6.x
Cause:
SSL encryption is not properly configured for communication between the Nolio Execution Server (NES) and agent(s).
Resolution:

If SSL encryption is desired for communication between the NES and agent(s), ensure both NES and agent(s) have the same certificate installed.

If SSL encryption was not intended to be enabled between the NES and agent(s) (for example, if the intention was to apply encryption to the NAC only for web access purposes), then edit the nimi_config.xml file on both NES and agent(s) and set the encryption "enabled" property to "false", as follows:

<security>
<enabled>false</enabled>

OR, if you want the agent and NES configured to communicate securely then make sure that their nimi_config.xml files are both set with security = true and that they are configured with keystore and truststore configurations that would allow for a successful SSL handshake.

 

Additional Information:
Configuring SSL between Execution Servers and Agents are documented here: Secure Execution Server to Agent Communication