Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Absent Member.. LS-Shirley Absent Member..
Absent Member..
1063 views

UD with BSM integration get PKIX path building failed since certificate expired

Hello experts, Our UD with BSM integration hasn't worked since certificate expired. Then I re-generate keystore file and update cetificate on both BSM and UCMDBserver then restart both servers. But the issue persists? THe error: at java.lang.Thread.run(Thread.java:722) Caused by: com.hp.ucmdb.api.CommunicationException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target How to fix this issue? Thanks Shelly
Tags (1)
0 Likes
3 Replies
Absent Member.. Sree_CMS Absent Member..
Absent Member..

Re: UD with BSM integration get PKIX path building failed since certificate expired

After generating the new certificate, you need to exchange the certificate between BSM and uCMDB.  You need to export the certs from uCMDB and BSM machines.. Make sure you have 2 diffrent names for the cert so that you can recognixe them when exchanging. 

 

To Export

 

from uCMDB:

keytool -export -alias hpcert -keystore <..\conf\security\server.keystore> -storepass <your password> -file hpcert_cms

 

from BSM:

keytool -export -alias hpcert -keystore <..\conf\security\server.keystore> -storepass <your password> -file hpcert_bsm

 

exchange the certs between BSM and uCMDB

 

from uCMDB:

keytool -import -v -keystore <....truststore>  -file  hpcert_bsm

 

from BSM:

keytool -import -v -keystore <....truststore>  -file  hpcert_cms

 

 

0 Likes
Absent Member.. LS-Shirley Absent Member..
Absent Member..

Re: UD with BSM integration get PKIX path building failed since certificate expired

Hi Sree_CMS,

 

I exchanged keys by importing each other then I get the fllowing error on both side. Anything wrong?

Could I confirm with you:

 

from uCMDB:

keytool -import -v -keystore <....truststore>  -file  hpcert_bsm 

 

Is the keystore file from UD or BSM here? Should I also copy BSM keystore file to UD server? Should the keystore file keep the same format? in my case,UD use .keystore format but BSM I use .jks keystore format.

 

from BSM:

keytool -import -v -keystore <....truststore>  -file  hpcert_cms

 

Looking forward to your reply.

0 Likes
Absent Member.. LS-Shirley Absent Member..
Absent Member..

Re: UD with BSM integration get PKIX path building failed since certificate expired

Hi,

 

Our UCMDB, UD probe,BSM are installed on seperate servers.

 

While importing keys, should I import keys for probe or UCMDB ?

 

I have tried to import into Probe & UCMDB  truststore, keystore,cacerts all. But the integration point still get the same error when I test connection.

 

Who have experienced this issue before?

 

Thanks

Shirley

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.