AMS fails to connect to SAM when connection is restricted to TLS 1.2

Document ID : KB000005388
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

CA SAM is configured with HTTPS and connections are restricted to use TLS 1.2 protocol only. When AMS tries to pull data from CA SAM via the link Asset Viewer - Discovered Information the connection fails and the below error is logged in AMS.log:

DEBUG HTTPSender 146 java.net.SocketException: Connection reset 

DEBUG NSStack 2445 NSPop (empty) 

AxisFault

 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException

 faultSubcode: 

 faultString: java.net.SocketException: Connection reset

 faultActor: 

 faultNode: 

 faultDetail: 

{http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Connection reset

Environment:
ITAM 14.1CA SAM 4.x
Cause:

This problem occurs because the Tomcat and jre7 packages that are shipped with AMS are not configured to handle TLS 1.2 connections.

Resolution:

In order to resolve this problem you should follow the steps of the article TEC1233998 to upgrade the affected components to Tomcat 8 and jre8.

Once the above steps have been performed you will need to import the CA SAM certificate into the new jre8 keystore. The article TEC1044241 contains the required steps.

Note: JRE_PATH refers to the newly created jre8 folder under AMS.