VSE Recorder doesn't work when our own truststore is being used.

Document ID:  TEC1743955
Last Modified Date:  06/12/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Service Virtualization

Releases

  • CA Service Virtualization:Release:10.1.0

Components

  • CA ITKO LISA Virtual Services Environment (VSE):ITKOVS
Issue:

DevTest was configured to use a different truststore that is not the default cacerts under $DevTest_HOME/jre/lib/security folder.

When the VSE Recorder is configured to use SSL to server, no transactions are being captured and the following error is showing in the workstation.log file:

" ERROR System.err - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" 

Environment:
All supported DevTest versions.
Cause:

When Java tries to connect to a different application using SSL, it will only be able to connect to that application if it can trust it. The way trust is handled in Java is that you have a keystore (typically $JAVA_HOME/lib/security/cacerts), also known as the truststore. This contains a list of all known Certificate Authority (CA) certificates, and Java will only trust certificates that are signed by one of those CAs or public certificates that exist within that keystore. 

When using your own truststore, the CA that signed your server certificate or the service public certificate is not available in the custom truststore.

Resolution:

Get the server public certificate and import it into the truststore that is being used.

The command below can be used to import it:

keytool -import -alias <serverCertAlias> -file <ServerCert.cer> -keystore <yourOwnTrustStore> -storepass <yourOwnTrustStorePassword>

Restart DevTest components.

Additional Information:

With the default DevTest installation, cacerts file is available under $DevTest_HOME/jre/lib/security/ folder.

For more information regarding 'How Java Implements SSL Certificates and Trust'

https://support.ca.com/us/knowledge-base-articles.TEC1377917.html?intcmp=searchresultclick&resultnum=2

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >