Troubleshooting
Problem
The firewall is adding self signed certificate for the CMC URL.
Symptom
The following error is observed in the logs :
_PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target_
_PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target_
_javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target_
Resolving The Problem
If firewall is adding self signed certificate for the CMC URL then please execute below two commands using hscroot user.
chhmccert -o add -t trustedcert -l trustedsslserver -a cmccert -h <CMC Portal URL>
chhmccert -o add -t trustedcert -l trustedsslserver -a cmccert_cloudant -h <cloudant_url_from_portal_settings>
After executing the above commands please restart cloud connector and check the status..
Note: This command internally downloads the certificate of portal URL and adds to the HMC trust store. It does not disable certificate check.
Also, the certificate of portal URL is CA signed certificate. This command is needed here because firewall / proxy is adding a self signed certificate in the certificate chain.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSDHL6","label":"IBM Cloud Management Console"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
12 September 2023
UID
ibm17031731