I having issue connecting standalone ucmdb browser 4.14 on Tomcat over HTTPS to uCMDB server. Two node HA uCMDB 10.3x servers located behind loadbalancer. I imported CA certificate chain from LB to JAVA JRE truststore, but connection fails. LB is BigIP F5 v13
2017-10-25 10:57:31,256 ERROR [pool-3-thread-1] UcmdbConnectionImpl - Could not connect to UCMDB server for connection: server: ucmd******, customer: N/A
com.hp.ucmdb.api.CommunicationException: Connection to uCMDB server was not successful.
Caused by: com.hp.ucmdb.api.CommunicationException: java.net.SocketException: Connection reset
Caused by: java.net.SocketException: Connection reset
If I bypass loadbalancer and specify connection directly to ucmdb server then all working.
I imported same certificates to UD Probe truststore and connection trough LB working without issues
Also found java code for testing HTTPS connection (http://hc.apache.org/httpclient-3.x/sslguide.html at Troubleshooting in bottom)
If certificates imported to "cafile", then HTTPS connection to ucmdb behind LB succeeds:
HTTP/1.1 200 OK
Date: Thu, 26 Oct 2017 11:09:53 GMT
Content-Security-Policy: frame-ancestors 'self'
Set-Cookie: BIGipServer~DR~ucmd******_8443_pool=rd100o00000000000000000000********************; path=/; Httponly; Secure
And without certs it looks like this:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What else I should check?