APM services will not start after configuring Asset Portfolio Management with SSL/HTTPS

Document ID : KB000017909
Last Modified Date : 14/02/2018

Description:

The following CA Asset Portfolio Management services may fail to start because of SSL certificate issues:

Data Importer Engine
Event Service
HW Reconciliation Engine
LDAP Import Service
Registration Service

The following error appears in the service log file:

INFO CA.Applications.DataImporterEngine.ImportServiceManager - ..Initializing Web Server [https://<APP-SERVER-NAME>:443/ITAMService/Service.asmx] access for Import Service

ERROR CA.Applications.DataImporterEngine.ImportServiceManager - An error occurred while accessing the Web Server:System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

This error can occur for the following reasons:

1- the certificate was not issued by a trusted Certification Authority;
2- the certificate was issued to a name other than the Application Server hostname.

Solution:

First make sure the certificate is not expired or revoked.
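
To see which of the two causes above applies before choosing a solution, the following PowerShell function (an added example, not part of the original CA article) repeats the certificate validation that the services perform and reports what failed. The function name and output fields are hypothetical; pass the host name the services connect to, shown as <APP-SERVER-NAME> in the log above.

```powershell
# Added example (not CA-supplied). Run it on the server hosting the failing APM service,
# because trust is evaluated against that machine's certificate stores.
function Test-ItamServiceCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # name the services connect to
        [int] $Port = 443
    )
    $seen = @{}
    # The callback records what .NET's own validation found and rejects the
    # certificate whenever that validation reported an error, as the services do.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        $seen.Certificate  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        return ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($HostName) }
        catch { if (-not $seen.Certificate) { throw } }  # rethrow if no certificate was seen
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }

    $flags = [int] $seen.PolicyErrors
    $enum  = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        HostName     = $HostName
        Subject      = $seen.Certificate.Subject
        Issuer       = $seen.Certificate.Issuer
        NotAfter     = $seen.Certificate.NotAfter
        # Cause 2: certificate issued to a name other than $HostName
        NameMismatch = [bool]($flags -band [int] $enum::RemoteCertificateNameMismatch)
        # Cause 1 shows up here, typically with UntrustedRoot or PartialChain in ChainStatus;
        # an expired certificate shows NotTimeValid.
        ChainErrors  = [bool]($flags -band [int] $enum::RemoteCertificateChainErrors)
        ChainStatus  = $seen.ChainStatus -join ', '
    }
}

# Usage: Test-ItamServiceCertificate -HostName '<APP-SERVER-NAME>' -Port 443
```

This overload of AuthenticateAsClient does not check revocation, so confirm revocation status separately.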

Solution 1
Open the certificate assigned to the ITAMService site (.cer file) and click Install Certificate. Follow the wizard, select 'Place all certificates in the following store', click Browse and select 'Trusted Root Certification Authorities'. Restart the affected service and make sure that the SSL error is no longer logged.
#################
Solution 2
If the certificate was issued to a name other than the Application Server address configured in APM, you will need to manually update the SQL entries to match the certificate name. First make sure you can access the Web Service address using the following URL and that no SSL warning is displayed:
https://<issued-cert-name>:port/ITAMService/Service.asmx
Once this has been verified and a full valid MDB backup has been taken you can proceed with the following update on the MDB:

==================
-- Point the Application Server component at the name the certificate was issued to
USE mdb;
UPDATE al_cdb_configurationparameters SET configvalue = '<issued-cert-name>'
WHERE configkey = 'ComponentServerName' AND componentkey = 'Application_Server';
==================

Issue the command 'iisreset' on the Web and Application Servers and attempt to start the affected services.

If the above does not solve the problem please raise a ticket with CA Support.