To communicate via SSL, the various Control-M products require the import of the SSL certificate into the Java keystore used by the CM or component, How can I import SSL certificates or CA certificates into the Java keystore used by Control-M for Web Services, Control-M for Cloud, Control-M for Informatica, Control-M for Cognos, Control-M for SAP Business Objects or Control-M/Server? A message similar to javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target:: may be observed if this is not done. |
NOTE:
By default, the keytool and other files are located under the product installation. In the case of the Control-M for Web Services, this is located in the <AGENT_HOME>/ctm/cm/JRE/ directory. For Control-M for Web Services, you can change this by adding the various parameters to the wsprofile.dat file as described in the Administrator Guide. The keytool binary is in JRE\bin and the default keystore in JRE\lib\security. If you do not already have the certificate to import, you should be able to export it by going to Internet Explorer or another web browser, viewing the certificate and then copying it to a file. You will want to use the "Base-64 encoded X.509" format when exporting the certificate. Once you have the certificate in this form, you can execute the keytool to import it. Assuming your certificate is called mycert.cer and the alias is myapp, it would look something like this: ...\JRE> bin\keytool -importcert -file mycert.cer -keystore ..\lib\security\cacerts -alias myapp The default password for the keystore cacerts is 'changeit'.
|