The customer has followed the manual steps for setting up SSL from the documentation under 2.7 Manually Setting Up SSL:
To set up SSL, get the x509 certificate from the application server, convert it to binary if it is text, and import the certificate into the cacerts file of the JRE. SSL authentication is not RA functionality, it is provided by the JVM infrastructure. In upcoming releases we will provide SSL certification management as part of the RA solution.
To successfully connect using SSL to a service:
1. Get the x509 certificate from the application server (FTPS server, HTTPS Web Service, etc.).
2. If the certificate file is text, issue the following command to convert it to binary format:
openssl x509 -in "absolute path name for the cert file" -out cert.der
3. Use the following command to import the certificate into the cacerts file of the JRE:
keytool -import -v -alias serverCert -file cert.der -keystore "<path for the cacerts file for your JRE>"
There are step-by-step instructions for getting past this error.
1. Connect to a URL that requires a certificate:
If you try to create a new adapter for an RA solution (e.g. WebServices, VMWare, etc) that requires a certificate, you get the following error message:
Go to the webpage and copy the certificate into a file.
The screenshots below demonstrate how to import the certificate into a file using Internet Explorer:
The next step is to find out which java version is used.
For example, this agent is started via the ServiceManager Dialog and uses the java listed below:
Now search for a file named 'cacerts' in the java directory that runs this agent. In this example it is found in the follow directory:
and run the following command line to import the certificate:
keytool -importcert -file c:\Acumen.cer -keystore cacerts
You can use 'changeit' as keystore password (that is a default password).
C:\Program Files\Java\jdk1.6.0_16\jre\lib\security>keytool -importcert -file c:\Acumen.cer -keystore cacerts
Enter the keystore password:
Owner: EMAILADDRESSemail@example.com, CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US
Issuer: EMAILADDRESSfirstname.lastname@example.org, CN=usvendor1, OU=Acumen, O=domain, L=Seattle, ST=Washington, C=US
Serial number: debf4656cc942184
Valid from: Tue Mar 02 07:39:14 PST 2010 until: Wed Mar 02 07:39:14 PST 2011
Signature algorithm name: SHA1withRSA
Trust this certificate? [no]: yes
Certificate was added to keystore
The import is done and the agent can connect to the URL specified in the RA agent .
If you're interested in a more detailed description ?