Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or portal is not running

Document ID : KB000113505
Last Modified Date : 19/09/2018
Issue:
ERROR: Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or the portal is not running.

The restutil log will have an exception listed:
INFO: Using TDM Portal at (specified via CMD LINE) https://tdmportal.sub.ca.com:8443
INFO: Publishing job 1234
ERROR: Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or the portal is not running.
INFO: PublishException caught at top-level:
com.ca.tdm.restutil.PublishException: Datamaker cannot perform an Enterprise Publish because the configured location of TDM portal is incorrect or the portal is not running.
    at com.ca.tdm.restutil.Api.exchange(Api.java:249)
    at com.ca.tdm.restutil.Api.login(Api.java:103)
    at com.ca.tdm.restutil.Api.login(Api.java:72)
    at com.ca.tdm.restutil.ActionPublish.perform(ActionPublish.java:84)
    at com.ca.tdm.restutil.Cli.runImplementation(Cli.java:139)
    at com.ca.tdm.restutil.Cli.run(Cli.java:89)
    at com.ca.tdm.restutil.Application.main(Application.java:28)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:54)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:104)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:61)
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52)
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://tdmportal.sub.ca.com:8443/TestDataManager/user/login": 
java.security.cert.CertificateException: No subject alternative DNS name matching tdmportal.sub.ca.com found.; 
nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative DNS name matching tdmportal.sub.ca.com found.
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:572)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:534)
    at com.ca.tdm.restutil.Api.exchange(Api.java:240)
    ... 14 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching tdmportal.sub.ca.com found.
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
    at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:80)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:596)
    ... 17 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching tdmportal.sub.ca.com found.
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1019)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 31 common frames omitted
Cause:
There are two likely causes for this problem:

The wrong FQDN could be specified within the repo for the TDM Portal's location.

OR

The certificate is not configured to accept requests via the hostname specified - for example an FQDN that uses a sub-domain.
Resolution:
First, make sure that the correct hostname/FQDN is used in the publish by validating the configuration within the gtrep:
select url from gtrep_service_status where service_name = 'tdmpublish';

If this is incorrect, update it accordingly:
update gtrep_service_status set url = 'https://[FQDN]:[PORT]' where service_name = 'tdmpublish';


If this isn't the problem, or doesn't resolve the problem, it's likely that the certificate doesn't contain the proper "Subject Alternative Name" (SAN) for the hostname/FQDN being used. If this is the case, then the certificate will need to be recreated.

Example on how to include additional Subject Alternative Name(s) for a Self-Signed Certificate:

The "alias" used in this example is "TDMPORTAL". This is also being used as the hostname. The alias can be anything that is unique to the keystore and doesn't have to be the hostname.
  1. Stop the "CA Test Data Manager Portal" service
  2. Open a command prompt
  3. Add JRE\bin to the PATH:
    set PATH=%PATH%;C:\Program Files\CA\CA Test Data Manager Portal\jre\bin
  4. cd C:\Program Files\CA\CA Test Data Manager Portal\conf
  5. Generate a new cert:
    keytool -genkey -alias "TDMPORTAL" -keyalg RSA -keystore ".newkeystore" -ext san=dns:localhost,dns:TDMPORTAL,dns:TDMPORTAL.sub.ca.com,dns:TDMPORTAL.ca.com
  6. Validate the cert with the configured SANs:
    keytool -list -v -keystore .newkeystore -alias TDMPORTAL
  7. cd C:\Program Files\CA\CA Test Data Manager Portal\service\bin
  8. EncryptionUtil.bat -p
    1. Provide the same password used for the keystore when the cert was generated in step 5
  9. Open C:\Program Files\CA\CA Test Data Manager Portal\conf\application.properties and modify the tdmweb.key* values accordingly:
    tdmweb.keystorePath=C:/Program Files/CA/CA Test Data Manager Portal/conf/.keystore
    tdmweb.keystorePassword=[encrypted password returned from step 8, including {cry} prefix]
    tdmweb.keyAlias="TDMPORTAL"
  10. Save the application.properties
  11. Restart the "CA Test Data Manager Portal" service
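
The check behind steps 5 and 6, as an added example that is not part of the original article or of CA's tooling: it reads the SubjectAlternativeName block from `keytool -list -v` output and tests whether the hostname in the gtrep publish URL is covered by a DNS entry. The keytool output below is a constructed sample, the function names are hypothetical, and the matching is a simplified, conservative version of DNS-name comparison (the JVM's own hostname checker remains authoritative).

```python
import re
from urllib.parse import urlsplit

# Constructed sample of what `keytool -list -v` prints for the step 5 certificate.
KEYTOOL_OUTPUT = """\
Alias name: tdmportal
Owner: CN=TDMPORTAL, OU=QA, O=Example, C=US
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: localhost
  DNSName: TDMPORTAL
  DNSName: TDMPORTAL.sub.ca.com
  DNSName: TDMPORTAL.ca.com
]
"""

def san_dns_names(keytool_text):
    """Return the DNSName entries of the SubjectAlternativeName block."""
    block = re.search(r"SubjectAlternativeName \[(.*?)\n\]", keytool_text, re.S)
    if not block:
        return []  # no SAN extension at all: hostname verification will fail
    return re.findall(r"^[ \t]*DNSName:[ \t]*(\S+)", block.group(1), re.M)

def dns_name_matches(host, pattern):
    """Case-insensitive, label-by-label comparison.

    Assumption: '*' is honoured only as the entire leftmost label and never
    directly under a top-level domain (so '*.com' matches nothing).
    """
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        h, p = h[1:], p[1:]
    return h == p

def check_publish_url(url, keytool_text):
    """Return (hostname, covered) for a URL as stored in gtrep_service_status."""
    host = urlsplit(url).hostname
    names = san_dns_names(keytool_text)
    return host, any(dns_name_matches(host, n) for n in names)

if __name__ == "__main__":
    for url in ("https://tdmportal.sub.ca.com:8443",
                "https://tdmportal.dev.ca.com:8443"):
        print(url, check_publish_url(url, KEYTOOL_OUTPUT))
```

A result of `False` for the URL returned by the gtrep query corresponds to the "No subject alternative DNS name matching ..." exception in the restutil log.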
Additional Information:
The default password for most Java Keystores is "changeit" - this is not seen as secure and should be avoided accordingly when generating your own keystore. Be sure to save the password in a known location where it will be accessible if needed.

Refer to the following documentation:
Create and Implement a Self-Signed Certificate

Use a Certificate from a Third-Party Certificate Authority

If using a Third-Party CA, please check with the CA on the requirements for including additional Subject Alternative Names within the Certificate Signing Request (CSR).