Cannot connect mail or maileater to SSL in 17.1

Document ID : KB000103456
Last Modified Date : 16/07/2018
Show Technical Document Details
Issue:
After either upgrading to Service Desk Manager to 17.1, or configuring a new 17.1 install with SSL for the first time, SSL doesn't work.

In the logs you may see messages similar to this:

[Thread-3] c.c.S.m.c.PDMMailerUtil - [pdm_perl, pdm_keystore_mgr.pl, -import, C:\certs\cert.cer] 
[Thread-5] c.c.S.m.c.PDMMailerUtil - keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect 
[Thread-5] c.c.S.m.c.PDMMailerUtil - java.io.IOException: Keystore was tampered with, or password was incorrect 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.provider.KeyStoreDelegator.engineLoad(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at java.security.KeyStore.load(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.tools.keytool.Main.doCommands(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.tools.keytool.Main.run(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - at sun.security.tools.keytool.Main.main(Unknown Source) 
[Thread-5] c.c.S.m.c.PDMMailerUtil - Caused by: java.security.UnrecoverableKeyException: Password verification failed 
[Thread-5] c.c.S.m.c.PDMMailerUtil - ... 8 more 
[Thread-4] c.c.S.m.c.PDMMailerUtil - 
DEBUG [Thread-4] c.c.S.m.c.PDMMailerUtil - FAILED: The certificate was not imported into the keystore. 
DEBUG [Thread-4] c.c.S.m.c.PDMMailerUtil - Exiting at pdm_keystore_mgr.pl line 170. 
DEBUG [Thread-3] c.c.S.m.c.PDMMailerUtil - Exit value from pdm_keystore_mgr.pl: 1 

There may be a variety of other SSL related errors as well. The configuration may have worked in 14.1, but now in 17.1 it no longer works, even using the same certificate files.
Environment:
Service Desk Manager 17.1 and newer
Cause:
When the nx.keystore is created the key should be populated in the NX.env file as the value:
@NX_KEYSTORE_REF

Review the NX.env file, if this value is missing then there may have been a problem during the creation of the nx.keystore file.
Resolution:
1) Remove NX_ROOT\pdmconf\nx.keystore 
2) Restart services
3) Once services are restored confirm in the pdmconf folder if a new nx.keystore is created. Also review the NX.env to ensure that the NX_KEYSTORE_REF was populated there as well.
Additional Information:
How to enable debug logging in for maileater in Service Desk Manager 17.1 and newer:

https://comm.support.ca.com/kb/how-to-enable-the-debug-or-trace-mode-for-the-17-1-maileater/kb000098428