UCMDB and UD Practitioners Forum (Previously CMS)
Showing results for 
Search instead for 
Do you mean 

UD with BSM integration get PKIX path building failed since certificate expired

Frequent Advisor

UD with BSM integration get PKIX path building failed since certificate expired

Hello experts, Our UD with BSM integration hasn't worked since certificate expired. Then I re-generate keystore file and update cetificate on both BSM and UCMDBserver then restart both servers. But the issue persists? THe error: at java.lang.Thread.run(Thread.java:722) Caused by: com.hp.ucmdb.api.CommunicationException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target How to fix this issue? Thanks Shelly
3 REPLIES
HPE Blogger

Re: UD with BSM integration get PKIX path building failed since certificate expired

After generating the new certificate, you need to exchange the certificate between BSM and uCMDB.  You need to export the certs from uCMDB and BSM machines.. Make sure you have 2 diffrent names for the cert so that you can recognixe them when exchanging. 

 

To Export

 

from uCMDB:

keytool -export -alias hpcert -keystore <..\conf\security\server.keystore> -storepass <your password> -file hpcert_cms

 

from BSM:

keytool -export -alias hpcert -keystore <..\conf\security\server.keystore> -storepass <your password> -file hpcert_bsm

 

exchange the certs between BSM and uCMDB

 

from uCMDB:

keytool -import -v -keystore <....truststore>  -file  hpcert_bsm

 

from BSM:

keytool -import -v -keystore <....truststore>  -file  hpcert_cms

 

 

Frequent Advisor

Re: UD with BSM integration get PKIX path building failed since certificate expired

[ Edited ]

Hi Sree_CMS,

 

I exchanged keys by importing each other then I get the fllowing error on both side. Anything wrong?

Could I confirm with you:

 

from uCMDB:

keytool -import -v -keystore <....truststore>  -file  hpcert_bsm 

 

Is the keystore file from UD or BSM here? Should I also copy BSM keystore file to UD server? Should the keystore file keep the same format? in my case,UD use .keystore format but BSM I use .jks keystore format.

 

from BSM:

keytool -import -v -keystore <....truststore>  -file  hpcert_cms

 

Looking forward to your reply.

Frequent Advisor

Re: UD with BSM integration get PKIX path building failed since certificate expired

Hi,

 

Our UCMDB, UD probe,BSM are installed on seperate servers.

 

While importing keys, should I import keys for probe or UCMDB ?

 

I have tried to import into Probe & UCMDB  truststore, keystore,cacerts all. But the integration point still get the same error when I test connection.

 

Who have experienced this issue before?

 

Thanks

Shirley

//Add this to "OnDomLoad" event