Problem Securing Execution Server

Document ID : KB000111831
Last Modified Date : 21/08/2018
Show Technical Document Details
Issue:
I am unable to make the communication between Management server and execution server secure. 
While in ASAP the following error is given after changing the port to 8443 and protocol to https: 
Could not access HTTP invoker remote service at [HTTPS://executionServerName:8443/execution/UpdateCommunicationService]; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Environment:
CA Release Automation Server 6.6.0.9640
Cause:
An attempt was made to update the conf/keyStore.jks with a custom certificate. This causes problems while initializing the startup of the Execution Server. An error like the following can be found in the logs/nolio_exec_all.log:

<date> <time> <thread> ERROR <class> - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.support... .... .... .... 
 ... ...
 ... ... Invocation of init method failed; nested exception is java.lang.RuntimeException: java.security.UnrecoverableKeyException: Cannot recover key
 
Resolution:
By default, the conf/keyStore.jks keystore file has a single key that has an alias that is the same as the hostname where the keystore file is located. Remove the custom certificate that had been attempted to be added using the command: <RAExecutionServerInstallDir>/jre/bin/keytool -delete -alias <alias of your custom key> -keystore conf/keyStore.jks

 
Additional Information:
Product Documentation: Secure Management Server to Execution Server Communication
KB Article: Configuring SSL for RA repository server
KB Article: Secure Communications With Signed Certificates