These steps are required for accessing the WS API in NCM used by the Certificate Monitoring reports. Otherwise, the logs show certificate and communication errors and the Certificate Monitoring reports are empty.
Note: These steps are not required if NCM server running version is 9.6 and above.
- Log in to the NCM host and copy "$VOYENCE_HOME/conf/bundle.p12" to the M&R destination machine where the WS API client is configured (for example, /opt).
- On the destination machine, type the following command as one line and press Enter:
$APG_HOME/Java/Sun-JRE/8.0.92/bin>keytool -changealias -keystore "/opt/bundle.p12" -alias 1 -destalias newalias -storetype pkcs12
- Enter the keystore password.
Type the PassPhrase entered during the NCM server installation.
- On the destination machine, type the following command as one line and press Enter.
$JAVA_HOME/bin>keytool -importkeystore -srckeystore "/opt/bundle.p12" -destkeystore "$APG_HOME/Java/Sun-JRE/8.0.92/lib/security/cacerts" -srcstoretype pkcs12
- Enter the destination keystore password: changeit
- Enter the source keystore password.
Type the PassPhrase entered during the NCM server installation.These results should display:
Entry for alias 1 successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled.
- Go to the <EMC_M&R_install>/bin directory and run the following command to restart all of the services:
./manage-modules service restart allThe following exception message should no longer display in the collector logs ( APG/Collecting/Collector-Manager/emc-ncm/logs):
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)