AnsweredAssumed Answered

Keystore was tampered with, or password was incorrect

Question asked by cowsert on Feb 18, 2019
Latest reply on Feb 21, 2019 by cowsert

Since North American support is offline today for holiday, and unable to look at my current ticket, I'm going to ask the community for support. 

 

I'm trying to get Process Automation (PAM [4.3SP1]) to communicate with Service Desk Manager (SDM[14.1]) using SSL.  Windows/MSSQL for both PAM and SDM.  PAM and SDM are on different servers but are on the same subnet, so they can (and have in the past) communicated correctly.  I have PAM working in my production environment.  This is a development environment (recreate) that is not able to connect.  Accessing either PAM or SDM using a browser is successful.

 

I receive this error in SDM when attempting to connect to PAM by trying to add a workflow to a Change Category:

There is a problem accessing CA IT PAM Workflow - please try again or contact the administrator. Details: ; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I have reinstalled PAM.  I have re-registered PAM with EIAM. 

 

In order to connect SDM and PAM, I'm using my notes as well as the online instructions at:
How to Enable Communications between Service Desk - CA Knowledge 

 

I was able to connect SDM and PAM using this information with a default OasisConfig.properties file where the ALIAS was ITPAM, etc.  SDM and PAM connected just fine.

 

I was given a keystore file from our Certificate Authority with a known and tested (using keytool.exe) password and alias. 

 

I ran the PasswordEncryption.bat file to get the password encrypted.  I took that password and exchanged it with the "itpam.web.keystore.password" in the OasisConfig.properties file and saved the file.

 

I then went to C:\Program Files\Java\jdk****\bin and ran the keytool.exe.

 

keytool.exe -keystore C:\PROGRA~1\CA\PAM\server\c2o\.config\c2okeystore -export -alias tomcat -file itpam.cer
Enter keystore password: (using the new "itpam.web.keystore.password" from OasisConfig.properties as instructed)

 

And I receive the following error:
keytool error: java.io.IOException: Keystore was tampered with, or password was
incorrect

 

I've tried everything I can think of to solve this problem.  I have even performed a complete reinstall of PAM. 

 

I validated the password on the keystore file using the following command:

keytool -v -list -keystore C:\pam.keystore

I put in the password when prompted and all is fine.  I'm able to see the information on the keystore file with my known password.

 

From what I can tell, it seems that the C:\PROGRA~1\CA\PAM\server\c2o\.config\c2okeystore file is likely the problem. 

 

Has anyone else seen this problem?

 

Thanks to anyone who is willing to look at this.  I appreciate the time.

 

John

Outcomes