RE: We are getting SSL errors. Do we need to add the server certs to the keystores that the agents are using??
Do we need to add the server certs to the keystores that the agents are using?
I see a few places that have cacerts.
One in controller
/apps/dictrl1/diyotta/controller/server/jre/lib/security/cacerts
Does each agent folder have a cacert as well?
/apps/diagnt1/diyotta/agent/cacerts
Do the agents use the cert in its own DI_HOME=/apps/diagnt1/diyotta/agent?
Do I need to set up something in the config to use a specific one?
++++
EFA00003: Connection Establishment Error!javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.glassfish.jersey.client.HttpUrlConnector.apply(HttpUrlConnector.java:244)
org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:254)
org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:671)
org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:668)
org.glassfish.jersey.internal.Errors.process(Errors.java:315)
org.glassfish.jersey.internal.Errors.process(Errors.java:297)
org.glassfish.jersey.internal.Errors.process(Errors.java:228)
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:668)
org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:402)
org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:302)
com.diyotta.fla.sm.service.impl.TestConnection.testConnection(TestConnection.java:1049)
com.diyotta.fla.sm.service.impl.TestConnection.run(TestConnection.java:172)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
java.lang.Thread.run(Thread.java:748)
++++
Hi Tom,
Each Agent has its own jre/security folder and refers to the cacerts present in this folder.
So we need to import the cacerts across all the Agents in the below-mentioned path.
Path: /apps/diagnt1/diyotta/agent/server/jre/lib/security/
We don't have to change anything in the config file.
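
The import described in the reply, as an added example that is not part of the original thread or Diyotta's own tooling: it checks each agent's `cacerts` for the CA alias and imports the certificate only where it is missing. The script name, the alias argument, and the `STOREPASS` variable are assumptions of this example; the truststore path comes from the reply.

```shell
#!/usr/bin/env bash
# Added example: make sure a CA certificate is trusted by every agent JRE.
# Usage: ./sync_agent_truststores.sh <ca.pem> <alias> <DI_HOME> [<DI_HOME> ...]
# Script name, alias and STOREPASS are assumptions, not Diyotta settings.

STOREPASS="${STOREPASS:-changeit}"   # stock JRE cacerts password; override if changed

# Truststore location inside an agent home, per the path given in the reply.
truststore_path() {
  printf '%s/server/jre/lib/security/cacerts\n' "${1%/}"
}

# Succeeds if the alias is already present in the truststore.
has_alias() {
  keytool -list -keystore "$1" -storepass "$STOREPASS" -alias "$2" >/dev/null 2>&1
}

# Import the certificate unless the alias exists; prints one status line.
# Returns 0 on "present"/"imported", 1 on a missing store or failed import.
sync_truststore() {
  local cert="$1" alias_name="$2" store="$3"
  if [ ! -f "$store" ]; then
    echo "missing  $store"; return 1
  fi
  if has_alias "$store" "$alias_name"; then
    echo "present  $store"; return 0
  fi
  cp -p "$store" "$store.bak" || return 1      # keep a rollback copy
  if keytool -importcert -noprompt -trustcacerts -alias "$alias_name" \
       -file "$cert" -keystore "$store" -storepass "$STOREPASS" >/dev/null 2>&1; then
    echo "imported $store"
  else
    echo "failed   $store"; return 1
  fi
}

# Walk every agent home given on the command line; non-zero if any store failed.
main() {
  local cert="$1" alias_name="$2" rc=0 home
  shift 2
  for home in "$@"; do
    sync_truststore "$cert" "$alias_name" "$(truststore_path "$home")" || rc=1
  done
  return "$rc"
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

Because `-noprompt` skips keytool's confirmation, check the certificate's fingerprint with `keytool -printcert -file <ca.pem>` against a value obtained from the server's owner before running the import.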