Visualizer Stops Working After Applying an SSL certificate

Document ID : KB000019825
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

After associating an SSL certificate to Visualizer it may stop functioning, and if you view the visualizer_log.log files you may see errors like:


ERROR LaunchVisualizerImpl.performLoginServiceManaged(129)  - AXIS Fault Description ::; nested exception is: javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode: 
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor: 
faultNode: 
faultDetail: 
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Solution:

In order to resolve this problem the SSL certificate that is associated to the Visualizer Tomcat must be imported into the cacerts.

From a command prompt browse to the JRE directory associated to Service Desk Manager, for a 12.7 system the path would typically be:
C:\Program Files (x86)\CA\SC\JRE\1.6.0_30\bin

(if you are unsure of the location you can confirm the information by opening the NX.env file in the root Service Desk Manager directory and finding the line:
@NX_JRE_INSTALL_DIR=
This will show you the exact path)

While in the location run the following command:
keytool -import -alias *define an alias* -keystore ..\lib\security\cacerts -file *define the full path of the SSL certificate being used for Visualizer*

To confirm that the certificate is imported you can run the command:
keytool -list -keystore ..\lib\security\cacerts

If the certificate imported correctly you should see the alias that you defined in the import command in the list of items returned

After this is complete you will need to restart Service Desk Manager services for the process to complete.