The Service Desk Manager Connector fails to function when SSL is enabled for Service Desk Manager

Document ID : KB000056644
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

If Service Desk Manager is configured for SSL you may run into a situation where the Service Desk Manager Connector fails to connect successfully. You may see errors logged similar to:

14:48:56.022 ERROR GRLoader 297 nested exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: timestamp check failed
14:48:56.022 INFO GRLoaderInitializer 40 GRLoader initialization
returned value :1
14:48:56.131 INFO TCP_port 1581 TCP_port wait interrupted
14:48:56.240 FATAL ConnectorHelper 180 Unable to connect to Service
Desk Manager.
com.ca.sdm.connector.grloader.GRLoaderInitializationException: GRLoader
Initialization Failed. Please check the GRLoader parameters and try Again.

 

Solution:

To resolve the SSLHandshakeException error the SSL certificate from Service Desk Manager must be imported into the cacerts associated with the Service Desk Manager Connector.

  1. Open a web browser, and access the webservice url (for example https://SERVERNAME:8443/axis/services/USD_R11_WebService)

 

  1. From the browser, export the https certificate and save it to the local machine (for example, save as: C:\sdm.crt)

 

  1. Copy the sdm.crt file to the server and with a command prompt (running as Administrator) navigate to the Service Desk Manager Connector install folder, this will typically be


"C:\Program Files (x86)\CA\Catalyst\CatalystConnector”

If the Connector was installed using the 32-bit Java enter the JRE directory

If the Connector was installed using the 64-bit Java enter the JRE-64 directory

Note: If the 32-bit Java was selected during the install process only the “JRE” folder will be present

4.    Run the following command:

keytool -import -keystore cacerts -file c:\sdm.crt

 

Note:  The above command should import the c:\sdm.crt certificate to the JRE_HOME\lib\security\cacerts  keystore.  JRE_HOME refers to the 32-bit or 64-bit JRE as mentioned above.

For detailed usage of keytool you may refer http://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html

 

5.      When prompted for a password, use the default which is "changeit".

 

6.      Restart the Service Desk Manager Connector services.