Control-M/Agent 9.0.21.100 can not connect to Control-M/Server when SSL is enabled if the certificate that the Agent use is self-signed and has no trusted Certificate Authority(CA) in the keystore. The error message shows: No trusted certificate found

Knowledge Article

Article Number

000413897

Old Article Number

Article Type

Solutions to a Product Problem

Title

Control-M/Agent 9.0.21.100 can not connect to Control-M/Server when SSL is enabled if the certificate that the Agent use is self-signed and has no trusted Certificate Authority(CA) in the keystore. The error message shows: No trusted certificate found

Summary

Product

Control-M/Agent for UNIX and Microsoft Windows

Component

Control-M/Agent for UNIX and Microsoft Windows

Applies to

Control-M/Agent for UNIX and Microsoft Windows 9.0.21.100

Problem

Control-M/Agent and Control-M/Server are using a Self-signed certificate without any trusted Certificate Authority(CA) in the keystore.

When SSL is enabled, Control-M/Agent can not connect to Control-M/Server, error message will show:
==========
0510 10:23:26.900 ERROR utListener_asm-1 entModeSupportingClientConnectionFactory - [111673573439@send] Error to send message
org.springframework.messaging.MessagingException: Send Failed; nested exception is javax.net.ssl.SSLHandshakeException: No trusted certificate found
==========

Cause

Since Control-M/Agent 9.0.21, SSL is java coded instead of C coded. Java coded SSL needs trusted CA in the keystore. If CA is not found it will consider the certificate not trusted and SSL connection can not be established.

Solution

It is recommended to bring your own certificate with trusted CA, follow SSL online document to bring your own certificate:
https://documents.bmc.com/supportu/9.0.21/en-US/Documentation/Zone_2_and_3_SSL_configuration.htm

Attachment(s):