Logged SSL Connection Errors

Certain issues can cause exceptions to appear in the logs when an SSL-enabled connection is attempted. The following list shows parts of log messages that indicate specific exceptions:

• keyMaterial=null - The connection URI has not been added to the keychain (see Setting up Security).
• unknown_certificate (in the agent log) and PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: - unable to find valid certification path to requested target (in the TMS log) - The agent is not using (or cannot find) its keystore (see Setting up Security).
• unknown_certificate (in the agent log) and the counterpart is not ssl compliant (in the tms log) - The agent is not configured to use SSL (or not configured correctly). Confirm that SSL is set up as shown above.

• unknown_certificate (in the TMS log) - Identity assertion (basic TMS security, or IA) is being used over SSL, but the IA URI has not been added to the keychain file. For example:

  bin/keychain.sh ~/.tc/mgmt/keychain https://localhost:9443/tmc/api/assertIdentity

  In addition, ensure that the TMS container is configured to use tms-keystore and tms-truststore (see Setting up Security).