These steps are required for accessing the WS API in NCM used by the Certificate Monitoring reports. Otherwise, the logs show certificate and communication errors and the Certificate Monitoring reports are empty.
Procedure
- Log in to the NCM host and copy "$VOYENCE_HOME/conf/server.p12" to the M&R destination machine where the WS API client is configured (for example, /opt).
server.p12 will be generated when installing the third-party certificate using the SSL utility for NCM.
- On the destination machine, type the following command as one line and press Enter:
$APG_HOME/Java/Sun-JRE/<Java-Version>/bin>keytool -changealias -keystore "/opt/server.p12" -alias 1 -destalias newalias -storetype pkcs12
- Enter the keystore password.
Use the same password given during certificate installation.
- On the destination machine, type the following command as one line and press Enter.
$JAVA_HOME/bin>keytool -importkeystore -srckeystore "/opt/server.p12" -destkeystore "$APG_HOME/Java/Sun-JRE/<Java-Version>/lib/security/cacerts" -srcstoretype pkcs12
- Enter the M&R destination keystore password: changeit
- Enter the source keystore password.
Use the source keystore password given during certificate installation.
These results should display:
Entry for alias 1 successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled.
- Go to the <EMC_M&R_install>/bin directory and run the following command to restart all of the services:
./manage-modules service restart all
The following exception message should no longer display in the collector logs (
APG/Collecting/Collector-Manager/emc-ncm/logs):
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested
target at
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)