Absent Member.
Absent Member.

Re: Role and Servicedriver certificates to talk to UA

On 06/15/2012 11:06 AM, abergvall wrote:
> Hi,
> I had to change certificates in our Userapplication jboss (UA3.7 patch
> E). The new cert is signed by our internal CA (not the eDir one), and
> all is well, the keystore has root of the CA and the signed server
> certificate.
> Jboss starts ok, and all is well on that part.
> Looking in the trace on the IDM server I do find errors when the Role
> and Resource service driver try to connect to the UA to do what it is
> supposed to do.
> 16:52:02 1728 Drvrs: Role and Resource ST:
> DirXML Log Event -------------------
> Driver: \IDV\Corp\res\IDV-DriverSet\Role and Resource Service Office
> Channel: Subscriber
> Status: Error
> Message: Unable to start Approval Workflow
> Workflow DN: ...
> Reason: java.lang.RuntimeException:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> Thinking this is supposed to happen since I changed the certificates in
> the UA.
> Added our CA:s root to the lib\security\cacerts keystore and restrted
> the driver. No difference.
> What did I miss? Probably lots of things...
> Any suggestions?
> br
> /Anders

You have to install the certificate into the cacerts file of the jre
that the IDM Engine(s) is running with and then restart eDirectory.
This must be done for each IDM server that could call to the UserApp via

Steven Williams
Lead Software Engineer
Labels (1)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.