This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
PRODUCT:
Control-M/Enterprise Manager
COMPONENT:
Control-M Automation API
APPLIES TO:
Control-M Automation API 9.0.18.200 and later
PROBLEM:
1. Control-M Automation API fails to connect and returns error message:
self signed certificate in certificate chain 2. Control-M Automation API command 'CTM session login' failed with below error message when port 18080 connector is removed to secure the Web Server connection. ERROR ExceptionHelper.getApiException:17 - io.swagger.api.ApiException: Failed to login: Incorrect username or password
CAUSE:
A self-signed certificate is used by the Control-M/Enterprise Manager web server https connector, which Automation API does not accept by default
SOLUTION:
This issue is solved in Control-M Automation API 9.0.19.140. Please apply the latest available version to resolve this issue.
If you are unable to install the latest version, please perform the following steps:
1. Edit <EMHOME>\etc\domains\communication.xml
2. Add the 2 lines in blue in the right scope (ClientsDefault):
<scope name="ClientsDefault"> <variable name="WebUrl" value="https://<machine name or ip>:8443"/> <variable name="SSLCertVerification" value="false"/> <variable name="SSLHostVerification" value="false"/> </scope>
Important note about the term "self-signed"
It is important to note that "self-signed certificate" does not mean the certificate was signed by your own organisation's CA. Such certificate will not cause the above problem.
A self-signed certificate is a technical term which means the certificate was not signed by any CA. The certificate Issuer equals the certificate Subject, as if the certificate was signed by itself.
Such certificates are often used for testing, and therefore not accepted by SSL/TLS implementations configured for normal production use.
Article Number:
000161010
Article Type:
Comments