vSphere connectivity Error - Invalid username/password/url

Document created by Sandeep Bhutani on Nov 24, 2014
Version 1Show Document
  • View in full screen mode

Hi,

While we were integrating ITPAM with vSphere, using out of box connector, we faced a problem of Invalid username/password/url every time.

Configuration was done as per ITPAM documentation.

We checked log file C:\Program Files\CA\PAM\server\c2o\log\c2o.log

and found following exception was being generated all time when request was made:

java.rmi.RemoteException: VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

 

The problem was with java security on ITPAM server. vSphere version 4.0 was running which was sending a certificate with low security and java version on ITPAM server was higher and was expecting a more secure certificate.

As vSpehere could not change vSphere, so below lines were commented (hashed) to make it work:

 

In file: (Whichever java version is being used by orchestrator)
C:\Program Files\Java\jre7\lib\security\java.security
And
C:\Program Files\Java\jdk1.7.0_45\jre\lib\security


Disable (hash out) the following line
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

 

Restart orchestrator

Attachments

    Outcomes