UCMDB and UD Practitioners Forum (Previously CMS)
cancel

UD with BSM integration get PKIX path building failed since certificate expired

Highlighted
LS-Shirley
Respected Contributor.

UD with BSM integration get PKIX path building failed since certificate expired

Hello experts, Our UD with BSM integration hasn't worked since certificate expired. Then I re-generate keystore file and update cetificate on both BSM and UCMDBserver then restart both servers. But the issue persists? THe error: at java.lang.Thread.run(Thread.java:722) Caused by: com.hp.ucmdb.api.CommunicationException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target How to fix this issue? Thanks Shelly
3 REPLIES
Sree_CMS
HPE Pro

Re: UD with BSM integration get PKIX path building failed since certificate expired

After generating the new certificate, you need to exchange the certificate between BSM and uCMDB.  You need to export the certs from uCMDB and BSM machines.. Make sure you have 2 diffrent names for the cert so that you can recognixe them when exchanging. 

 

To Export

 

from uCMDB:

keytool -export -alias hpcert -keystore <..\conf\security\server.keystore> -storepass <your password> -file hpcert_cms

 

from BSM:

keytool -export -alias hpcert -keystore <..\conf\security\server.keystore> -storepass <your password> -file hpcert_bsm

 

exchange the certs between BSM and uCMDB

 

from uCMDB:

keytool -import -v -keystore <....truststore>  -file  hpcert_bsm

 

from BSM:

keytool -import -v -keystore <....truststore>  -file  hpcert_cms

 

 

LS-Shirley
Respected Contributor.

Re: UD with BSM integration get PKIX path building failed since certificate expired

Hi Sree_CMS,

 

I exchanged keys by importing each other then I get the fllowing error on both side. Anything wrong?

Could I confirm with you:

 

from uCMDB:

keytool -import -v -keystore <....truststore>  -file  hpcert_bsm 

 

Is the keystore file from UD or BSM here? Should I also copy BSM keystore file to UD server? Should the keystore file keep the same format? in my case,UD use .keystore format but BSM I use .jks keystore format.

 

from BSM:

keytool -import -v -keystore <....truststore>  -file  hpcert_cms

 

Looking forward to your reply.

LS-Shirley
Respected Contributor.

Re: UD with BSM integration get PKIX path building failed since certificate expired

Hi,

 

Our UCMDB, UD probe,BSM are installed on seperate servers.

 

While importing keys, should I import keys for probe or UCMDB ?

 

I have tried to import into Probe & UCMDB  truststore, keystore,cacerts all. But the integration point still get the same error when I test connection.

 

Who have experienced this issue before?

 

Thanks

Shirley