getCertFromCBB: failed to get read cert file

Document ID : KB000005698
Last Modified Date : 14/02/2018
Issue:

AM Agent or SD Agent is not working properly.

The following errors appear in the logs (for example, TRC_AMAGENT*.log):

 

amagent   |cbbcstor        |cbbcstor            |000000|ERROR  | getCertFromCBB: failed to get read cert file

amagent   |cbbkstor        |cbbkstor            |000000|ERROR  | CSecretStore::retrieveSecret: cbbcstor.ff27f6a7459ecb80f066f3ace25ae361c36b7697: not found

amagent   |cfNetwork       |CTLSLayer.cpp       |000292|ERROR  | CTLSLayer::ClientHandshake: Unable to load TLS Provider for client

amagent   |cfNetwork       |CCFNetConnection.cpp|000548|ERROR  | CCFNetConnection::NegotiateEncryptedChannel: Unable to negotiate a TLS channel with the peer

amagent   |cfFTClientAPI   |                    |000000|ERROR  | CFTClientNotifier::Notify - Received unableToConnect notification!

 

Cause:

This problem can occur when the itcm-self-signed certificate is misconfigured in the file CBB\certstor.dat. For example:

  • Missing certificate
  • Wrong Computer Name
Resolution:

 

  • Edit the file C:\Program Files (x86)\CA\SC\CBB\certstor.dat with notepad (or /opt/CA/SharedComponents/CBB/certstor.dat on Linux/Unix)
  • Remove all blocks like this (with OU=itcm-self-signed)

id=cert.ff27f6a7459ecb80f066f3ace25ae361c36b7697

data=

subj "CN=computername,OU=itcm-self-signed,O=ca" sn "02" skid "ff27f6a7459ecb80f066f3ace25ae361c36b7697" from 1475288865l to 1506914865l auth pvkey file "/opt/CA/SharedComponents/CBB/certdb/364AAF687A892A7FF6A95A9CBF18D5845798DA0D.der"

end

 

  • Check that the computer name is correct in the following block. If it is not, correct it.

id=tag.itcm-anonymous

data=

CN=computer name,OU=itcm-self-signed,O=ca

end

 

  • Execute this command:

cacertutil list -v
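
Before editing certstor.dat by hand, a read-only pass over the file can list the blocks the steps above refer to. The following Python script is an added example, not part of the original article or the product: it assumes the id=/data=/end block layout shown above, `parse_blocks` and `audit` are hypothetical helper names, the embedded sample is constructed, and the expected computer name is whatever you pass in (the script defaults to the local hostname).

```python
import re
import socket
import sys

# Constructed sample using the id=/data=/end layout shown in this article (assumption).
SAMPLE = """\
id=cert.ff27f6a7459ecb80f066f3ace25ae361c36b7697
data=
subj "CN=oldname,OU=itcm-self-signed,O=ca" sn "02" skid "ff27f6a7459ecb80f066f3ace25ae361c36b7697"
end
id=tag.itcm-anonymous
data=
CN=oldname,OU=itcm-self-signed,O=ca
end
"""

def parse_blocks(text):
    """Split certstor.dat text into (id, data) pairs; blank lines are ignored."""
    blocks, cur_id, data = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("id=") and data is None:
            cur_id = s[3:]
        elif s == "data=" and cur_id is not None:
            data = []
        elif s == "end" and data is not None:
            blocks.append((cur_id, "\n".join(data)))
            cur_id, data = None, None
        elif data is not None and s:
            data.append(s)
    return blocks

def audit(text, hostname):
    """Return (cert block ids to remove, [(block id, CN)] where CN != hostname)."""
    to_remove, mismatches = [], []
    for block_id, data in parse_blocks(text):
        if "OU=itcm-self-signed" not in data:
            continue  # unrelated store entries are left alone
        if block_id.startswith("cert."):
            to_remove.append(block_id)  # blocks the resolution says to delete
            continue
        m = re.search(r'CN=([^,"]+)', data)
        if m and m.group(1).strip().lower() != hostname.lower():
            mismatches.append((block_id, m.group(1).strip()))
    return to_remove, mismatches

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    print(audit(text, socket.gethostname()))
```

The script never writes to the file; pass the path to certstor.dat as its only argument and apply the edits yourself.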