DWP Catalog - We have enabled SSL on the DWP Catalog and now we are getting this "PKIX path building failed" error in the DWP Enhanced Catalog section / "Authentication failed" in bundle.logs

Version 6

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Digital Workplace Advanced


    COMPONENT:

    MyIT Service Broker


    APPLIES TO:

    DWP Catalog and Advanced 18.00, 19.00



    DETAILS:

    The root cause of this problem is:

    1. Several steps from the documentation below were skipped. Make sure that the DWP Catalog .crt file is imported into the DWP Advanced keystore, as described here:

       https://docs.bmc.com/docs/display/dwpadv1808/Configuring+access+to+the+BMC+Digital+Workplace+Catalog+server+over+SSL

    To fix the "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error in the DWP Advanced Enhanced Catalog section, do the following:

    a) Import the DWP Catalog .crt into the DWP Tomcat truststore.
     

    C:\Program Files\Java\jre1.8.0_91\bin>keytool.exe -importcert -alias catalogcert -keystore "C:\Program Files\Java\jre1.8.0_91\lib\security\cacerts" -file c:\SBCertforMyIT.crt
      

                 

      

    b) Restart DWP Tomcat.

    c) Clear the browser's cache.

    d) Log into the DWP Admin Console.

    e) Go to the Enhanced Catalog section and enter all the details.

    f) Click Save.

    g) Confirm that you are no longer getting the error.
     

    Additional checks:

    a) Make sure that you used the FQDN, and not the hostname, where an FQDN is required in <installLocation>/sb/rxscripts/bin/setenv.sh
    b) Make sure that you used the hostname, and not the FQDN, where a hostname is required in <installLocation>/sb/env/set_script_variables.sh
    c) Do not use localhost in the two files mentioned above.
    d) Make sure that you update the section below in <installLocation>/jetty/etc/jetty-http.xml so that it points to the actual keystore and truststore.
       
       
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <Set name="KeyStorePath">/opt/bmc/digitalworkplace/certs/keystore</Set>
        <Set name="KeyManagerPassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
        <Set name="KeyStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
        <Set name="TrustStorePath">/opt/bmc/digitalworkplace/truststore/cacerts</Set>
        <Set name="TrustStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
        <Set name="IncludeCipherSuites">
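    A pre-restart check for items c) and d) above, added here as an example and not part of the BMC article or product: it reads the sslContextFactory block, reports KeyStorePath/TrustStorePath values that are unset or point to missing files, and lists non-comment lines in a script that still mention localhost. The function names, the completed sample XML and the script variable names are assumptions constructed for the illustration.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: a completed version of the sslContextFactory block
# (the article's fragment is cut off after IncludeCipherSuites).
SAMPLE_JETTY_XML = """<Configure>
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath">/opt/bmc/digitalworkplace/certs/keystore</Set>
    <Set name="TrustStorePath">/opt/bmc/digitalworkplace/truststore/cacerts</Set>
  </New>
</Configure>"""

# Constructed sample script lines; the variable names are hypothetical.
SAMPLE_SCRIPT = """# example host: localhost
EXAMPLE_HOST=localhost
EXAMPLE_URL=https://catalog.example.com:8008
"""

def check_store_paths(xml_text, exists=os.path.isfile):
    """Return findings for KeyStorePath/TrustStorePath in the sslContextFactory block."""
    findings = []
    root = ET.fromstring(xml_text)
    factory = next((n for n in root.iter("New") if n.get("id") == "sslContextFactory"), None)
    if factory is None:
        return ['no <New id="sslContextFactory"> element found']
    values = {s.get("name"): (s.text or "").strip() for s in factory.findall("Set")}
    for name in ("KeyStorePath", "TrustStorePath"):
        path = values.get(name)
        if not path:
            findings.append(f"{name} is not set")
        elif not exists(path):
            findings.append(f"{name} points to a missing file: {path}")
    return findings

def find_localhost(script_text):
    """Return (line_number, line) for non-comment lines that mention localhost."""
    hits = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # ignore shell comments
        if re.search(r"\blocalhost\b", code, re.IGNORECASE):
            hits.append((number, line.strip()))
    return hits

if __name__ == "__main__":
    for finding in check_store_paths(SAMPLE_JETTY_XML):
        print("jetty-http.xml:", finding)
    for number, line in find_localhost(SAMPLE_SCRIPT):
        print(f"script line {number}: {line}")
```

    To use it on a real installation, pass the contents of jetty-http.xml, setenv.sh and set_script_variables.sh to the two functions in place of the samples.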
      
      
        
      

    Now, both servers should be able to communicate with each other with no issues.

     


    Article Number:

    000167775


    Article Type:

    Product/Service Description


