com.uc4.be.gui.remote.CITGuiException: com.uc4.be.gui.remote.CITGuiException: java.lang.RuntimeExce

Document ID : KB000090387
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
com.uc4.be.gui.remote.CITGuiException: com.uc4.be.gui.remote.CITGuiException: java.lang.RuntimeExce
Resolution:

Investigation
The customer has followed the manual steps for setting up SSL from the documentation under 2.7 Manually Setting Up SSL:

To set up SSL, get the x509 certificate from the application server, convert it to binary if it is text, and import the certificate into the cacerts file of the JRE. SSL authentication is not RA functionality, it is provided by the JVM infrastructure. In upcoming releases we will provide SSL certification management as part of the RA solution.
    To successfully connect using SSL to a service:
    1. Get the x509 certificate from the application server (FTPS server, HTTPS Web Service, etc.).
    2. If the certificate file is text, issue the following command to convert it to binary format:
    openssl x509 -in "absolute path name for the cert file" -out cert.der
    -outform DER
    3. Use the following command to import the certificate into the cacerts file of the JRE:
    keytool -import -v -alias serverCert -file cert.der -keystore "<path for the cacerts file for your JRE>"

Solution
There are step-by-step instructions for getting past this error.

1.  Connect to a URL that requires a certificate:
.png

.png

If you try to create a new adapter for an RA solution (e.g. WebServices, VMWare, etc) that requires a certificate, you get the following error message:
.png

Go to the webpage and copy the certificate into a file.

The screenshots below demonstrate how to import the certificate into a file using Internet Explorer:
.png

.png
.png

.png

.png

The next step is to find out which java version is used.

For example, this agent is started via the ServiceManager Dialog and uses the java listed below:
C:\Program Files\Java\jdk1.6.0_16\bin\

Now search for a file named 'cacerts' in the java directory that runs this agent.  In this example it is found in the follow directory:
C:\Program Files\Java\jdk1.6.0_16\jre\lib\security

and run the following command line to import the certificate:

keytool -importcert -file c:\Acumen.cer -keystore cacerts

You can use 'changeit' as keystore password (that is a default password).

C:\Program Files\Java\jdk1.6.0_16\jre\lib\security>keytool -importcert -file c:\Acumen.cer -keystore cacerts

Enter the keystore password:

Owner: EMAILADDRESS=john.smith@domain.com, CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US

Issuer: EMAILADDRESS=john.smith@domain.com, CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US

Serial number: debf4656cc942184

Valid from: Tue Mar 02 07:39:14 PST 2010 until: Wed Mar 02 07:39:14 PST 2011

Certificate fingerprints:
MD5: B3:BF:73:2C:62:25:B3:18:6F:8B:B8:35:5C:B8:94:58
SHA1: F7:6E:A2:42:2C:30:AF:C2:FF:86:E8:F9:D6:3C:EB:D0:16:E3:BD:A0
Signature algorithm name: SHA1withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
The import is done and the agent can connect to the URL specified in the RA agent .
If you're interested in a more detailed description ?
http://java.sun.com/javase/6/docs/technotes/tools/solaris/keytool.html