Changing Global User password on Provisioning Manager end up with Error - [rc=60] error setting certificate verify locations

Document ID : KB000004028
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We enabled the setting "Use External Password Policies" on Provisioning Server, and recently we changed the inbound notification URL to a https url.

Then when we modify a Global User through the Provisioning Manager, the following error is encountered: 

--------------------------- 
IM Provisioning Manager 
--------------------------- 
:ETA_E_0007<MGU>, Global User 'TestUser' modification failed: PMC_VALIDATE_PASSWORD: Rc: 3. FAILED( https://specific environment URL:port/idm/ETACALLBACK/?env 
[rc=60] error setting certificate verify locations: 
CAfile: Not assigned 
CApath: none

 

Environment:
Windows/Linux
Cause:

The issue is due to the Trusted CA Certificate is not configuration on Provisioning Server, therefore the Provisioning Server is unable to connect to IM server and establish the https connection for checking password quality.

Resolution:

This issue is resolved by pointing to the Trusted Certificate Authority through the Provisioning Manager.

This is configured from the Provisioning Manager under:
SYSTEM\Domain Configuration\Identity Manager Server\Trusted CA Bundle parameter.

Edit this Parameter Value with the path to the Trusted Certificate Authority.

 

 

Note: Changing this parameter will require restarting ALL effected servers.

Additional Information:

N/A