RE: We are getting SSL errors. Do we need to add the server certs to the keystores that the agents are using??

Do we need to add the server certs to the keystores that the agents are using.

I see a few places that have cacerts.

One in controller

/apps/dictrl1/diyotta/controller/server/jre/lib/security/cacerts

does each agent folder has a cacert as well??

/apps/diagnt1/diyotta/agent/cacerts

 

Do the agents use the cert in it’s own DI_HOME=/apps/diagnt1/diyotta/agent?

 

Do I need to set up something in the config to use a specific one ?

 

 

 

++++

EFA00003: Connection Establishment Error!javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.glassfish.jersey.client.HttpUrlConnector.apply(HttpUrlConnector.java:244)
org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:254)
org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:671)
org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:668)
org.glassfish.jersey.internal.Errors.process(Errors.java:315)
org.glassfish.jersey.internal.Errors.process(Errors.java:297)
org.glassfish.jersey.internal.Errors.process(Errors.java:228)
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:668)
org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:402)
org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:302)
com.diyotta.fla.sm.service.impl.TestConnection.testConnection(TestConnection.java:1049)
com.diyotta.fla.sm.service.impl.TestConnection.run(TestConnection.java:172)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
java.lang.Thread.run(Thread.java:748)

++++

 

TommyM Beginner Asked on February 24, 2020 in Diyotta Controller.
Add Comment
1 Answers

Hi Tom,

Each Agent has it’s own jre/security folder and refers to the cacerts present in this folder.

So we need to Import the cacerts across all the Agents in the below-mentioned path.

Path: /apps/diagnt1/diyotta/agent/server/jre/lib/security/

we dont have to change anything in the config file.

 

Expert Answered on February 24, 2020.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.