Control-M Automation API fails to connect and returns error message: self signed certificate in certificate chain

Version 9
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Control-M/Enterprise Manager


    COMPONENT:

    Control-M Automation API


    APPLIES TO:

    Control-M Automation API 9.0.18.200 and later



    PROBLEM:

    1. Control-M Automation API fails to connect and returns error message:

    self signed certificate in certificate chain  2. Control-M Automation API command 'CTM session login' failed with below error message when port 18080 connector is removed to secure the Web Server connection. ERROR ExceptionHelper.getApiException:17 -  io.swagger.api.ApiException: Failed to login: Incorrect username or password

     


    CAUSE:

    A self-signed certificate is used by the Control-M/Enterprise Manager web server https connector, which Automation API does not accept by default


    SOLUTION:

    This issue is solved in Control-M Automation API 9.0.19.140. Please apply the latest available version to resolve this issue.

    If you are unable to install the latest version, please perform the following steps:

    1. Edit <EMHOME>\etc\domains\communication.xml
    2. Add the 2 lines in blue in the right scope (ClientsDefault):
     

      <scope name="ClientsDefault">     <variable name="WebUrl" value="https://<machine name or ip>:8443"/> <variable name="SSLCertVerification" value="false"/> <variable name="SSLHostVerification" value="false"/>  </scope>
      

    Important note about the term "self-signed"
    It is important to note that "self-signed certificate" does not mean the certificate was signed by your own organisation's CA. Such certificate will not cause the above problem. 
    A self-signed certificate is a technical term which means the certificate was not signed by any CA. The certificate Issuer equals the certificate Subject, as if the certificate was signed by itself. 
    Such certificates are often used for testing, and therefore not accepted by SSL/TLS implementations configured for normal production use. 
      

     


    Article Number:

    000161010


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles