REST API account validation failed with Control-M for Web Services, Java and Messaging when using the certificate in truststore.jks

Knowledge Article

REST API account validation failed with Control-M for Web Services, Java and Messaging when using the certificate in truststore.jks
REST API account validation failed with Control-M for Web Services, Java and Messaging when using the certificate in truststore.jks
Control-M for Web Services, Java and Messaging
Control-M for Web Services, Java and Messaging
Control-M for Web Services, Java and Messaging All version
Control-M for Web Services, Java and Messaging
Control-M for Web Services, Java and Messaging
Control-M for Web Services, Java and Messaging All version
When validating a REST API account getting below error:

Validation failed 
Account <REST>: REST location validation has failed 

REST location validation: failed Failed to reach 'https://xxx.xxx.com/' Error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)::
Please update the Keystore value in the configuration file [agent home]/data/wsprofile.dat file by adding/modifying the following lines under [GENERAL] section:

[GENERAL]
......existing lines.....
BPI_EXT_LIBS
-Djavax.net.ssl.keyStore               [Agent Home]/ctm/cm/JRE/lib/security/cacerts
-Djavax.net.ssl.keyStorePassword       changeit
-Djavax.net.ssl.trustStore             [Agent Home]/ctm/cm/JRE/lib/security/truststore.jks
-Djavax.net.ssl.trustStorePassword     changeit

The -Djavax.net.ssl parameters are not needed if you plan on using the default Java keystore that comes with the Web Service plugin.

If the Web server needs TLS1_2, the append with following line(after above lines):

-Dhttps.protocols TLSv1.2

If the Web server needs cookie, then append following line(after above lines):

-DWJM_HTTP_COOKIE_OPTION Y

Then, import the certificate in [Agent Home]/ctm/cm/JRE/lib/security/cacerts

For example: 
keytool -import -trustcacerts -keystore [Agent Home]/ctm/cm/JRE/lib/security/cacerts -alias xxxxxx -file <path>/<web_server_certificate_filename>

To use the "keystore.jks", user needs to import signed certificate into JKS using below command. JKS is a JAVA keystore (storage) for all certificates. 

For example:
keytool -import -v -alias CEDN -file cert.pem -keystore [Agent Home]/ctm/cm/JRE/lib/security/truststore.jks

User can run the "keytool -importcert" command to verify if the certificate added correctly. It should display "already exist" message if the certificate is already there. 

Additional Information:
Some Web servers need the default CN of the certificate to be same as the hostname reference in Web Server URL(ie, https://<hostname>:<port>/xxxxx

For example, if the web server certificate has the CN name with mywebserver as value, then Control-M Web Service connection profile web URL address should be like https://mywebserver:<port>/xxxxxxx for the profile to work properly. 
Control-M for Web Services, Java and Messaging
Control-M for Web Services, Java and Messaging
Control-M for Web Services, Java and Messaging All version
Attachment(s):