Catalog datasource does not work when using SSL URL in Unified Self-Service

Document ID : KB000094790
Last Modified Date : 04/05/2018
Show Technical Document Details
Issue:
When testing Catalog datasource in Unified Self-Service using a SSL URL, the following error appears:

The Base URL mentioned is not correct. Cannot reach a valid CA Service Data Source web service. Error connecting to CA Service Catalog Server.


User-added image

In USS logs (liferay logs) the following will appear:

DEBUG [CATALOGSource:39] Validating Catalog Service using WSDL - <Catalog WebService URL>
DEBUG [ExternalSourceData:39] Testing existence of the WSDL: <Catalog WebService URL>
WARN [ExternalSourceData:313] Error occured while testing of the WSDL: <Catalog WebService URL>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
...

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 273 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 279 more
DEBUG [CATALOGSource:39] Validating Service Catalog Test Login 'false'.
DEBUG [DataSourceConnectionStatus:39] Status JSON '{"status":"FAILURE","errorMessages":["The Base URL mentioned is not correct. Cannot reach a valid CA Service Data Source web service.","Error connecting to CA Service Catalog Server."],"messages":[]}'.
Environment:
Unified Self-Service (USS) 14.1 and later
Service Catalog 14.1 and later
Resolution:
Implement Approach A noted in the following document:

How to configure CA Unified Self Service (USS) to connect to HTTPS based Service Catalog/Service Desk?
https://comm.support.ca.com/kb/how-to-configure-ca-unified-self-service-uss-to-connect-to-https-based-service-catalogservice-desk/kb000044098