CA Service Management

• PAM 04.3.02 originally configured not using SSL (using http) and integration from SDM was fine.
• Changed PAM to use SSL (https) with appropriate certificate. Access to PAM login works, no certificate errors.
• Updated Option Manager, CA IT PAM Workflow, endpoint and urls. Restarted Service Desk.
• Now receive the following error: javax.net.ssl.SSLHandshakeException

Saw in the Known Product Issues of the documentation (CA Process Automation and SSL Integration Generates Errors) and how to work around this when doing an upgrade.

Does anyone have a solution to fix this outside of doing an upgrade?

Cheers,

Lindsay

Hi Lindsey,

Did you update the cacerts file with the new PAM SSL certificate?  Here's a kb article that may help.

The Service Desk Manager Connector fails to function when SSL is enabled for Service Desk Manager 

It's located here.

v14: <install_drive>\CA\SC\JRE\1.7.0_10\lib\security\cacerts"

v17: <install_drive>\CA\SC\JRE\1.8.0_112\lib\security\cacerts"

Hi Lindsay - did the info from Grant work for you?

Jon I.

A case has been opened with CA Support to address this concern.  Support is investigating and will advise findings.

@David-Ng  - can you post the case number here so we can track it and make sure the resolution gets put into this post once resolved?

Thanks,

Jon I.

CA Support ticket #00864988

Some assumptions and remarks, and correct me Lindsay, if I'm wrong:

• What is not working is the integration from SDM to PA, when SDM is starting processes in PA by creating certain log activities, which are using SDM's PA macros.
• starting processes by SDM in PA is done by a process called rpc daemon, a Java program running within the Java runtime SDM provides.
• the rpc daemon tries to sends a SOAP webservice call to PA
• the Java run time will handle the https call, and therefore the SSL handshaking. 
• I assume the SSL handshaking fails, because the Java runtime neither knows the certification authority nor the PA server certificate. Therefore the handshake fails.
• A solution could be to import the PA Server certficate into the trusted keystore of the SDM's Java runtime
  • you might be able to do this by (found here):
  • cd to your JRE install Directory (check NX_JRE_INSTALL_DIR)
  • cd lib/security
  • do a ..\..\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias yourAliasName -file path\to\certificate.cer (thanks jediz)

Hope this helps

Regards

............Michael

Thanks Michael,

With David Ng's help we did import the certificate. The handshake error persisted. We are now looking at the versions of Java as a possible root cause.

Cheers,

Lindsay

Hi Lindsay_Estabrooks  - any updates on this one?  Were you able to get this resolved?

Hi Jon,

I have been away for almost two weeks and will working on the resolution this week.

Cheers,

Lindsay

Hi Lindsay_Estabrooks  - just checking back with you on this one.  Any luck with this one as of yet?

Hi Jon,

Thanks for the follow-up. I meant to update this thread but forgot.

The issue finalized around the Java version. We had Process Automation on Java 8 and Service Desk on Java 7. Once we updated to Java 8 for Service Desk and imported the certificate, the handshake error went away.

Cheers,

Lindsay