SystemEDGE SRM Http test results in exception "Could not generate DH Keypair"

Document ID : KB000006678
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

SRM AIM Https tests are failing with the following errors:

  • IOException thrown by the html page download: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
  • ERROR: jcollector.SATestException: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
Cause:

This is a known issue with Java 7 and verified to be a problem on 1.7.0_72

Resolution:
  1. Upgrade to Java 8 (1.8.0_151 confirmed to resolve)
  2. Import the certificate with the keytool command. 
Additional Information:

The Java SE Runtime Environment 1.8_151 can be downloaded from the following URL location.

 

http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

 

In the SRM svcrsp.cf configuration file there is javabin entry which points to the location where java is installed.

 

Windows:

   javabin="C:\Program Files\CA\SystemEDGE\jre\bin\javaw.exe"

 

Unix/Linux:

   javabin=/opt/CA/SystemEDGE/jre/bin/java

 

When upgrading make sure the SystemEDGE agent service is stopped.  

Backup the existing /SystemEDGE/jre directory by renaming the directory to "jre.old".  

Extract the contents of the JRE 1.8_151 into a new /SystemEDGE/jre directory.

 

Alternatively, if there is a public version of JRE 1.8 installed on the system, the javabin= location can be set to public installation location path.