Connection failure with certificate issue due to empty TrustStore in RSA Governance & Lifecycle
Originally Published: 2024-07-16
Article Number
000072566
Applies To
RSA Product Set: RSA Governance & Lifecycle
RSA Version/Condition: 8.x
Issue
'Connection failed' is returned when clicking Test Authentication Token while testing the connection to a REST API collector. The failure is due to a certificate issue and results in the following error:
Caused by: com.aveksa.common.ConnectException: Connection failed
    at com.aveksa.common.http.client.RSAHTTPClient.execute(RSAHTTPClient.java:120) ~[common.jar:?]
    at com.aveksa.client.genericrest.authenticationManager.TokenBasedDynamicAuthenticator.fetchToken(TokenBasedDynamicAuthenticator.java:63) ~[generic-rest-client.jar:?]
    at com.aveksa.client.genericrest.authenticationManager.AuthenticationManager.fetchToken(AuthenticationManager.java:44) ~[generic-rest-client.jar:?]
    at com.aveksa.client.genericrest.authenticationManager.TokenBasedAuthenticationManager.getToken(TokenBasedAuthenticationManager.java:139) ~[generic-rest-client.jar:?]
    at com.aveksa.client.genericrest.authenticationManager.TokenBasedAuthenticationManager.updateAuthenticationConfigurationInRequest(TokenBasedAuthenticationManager.java:63) ~[generic-rest-client.jar:?]
    at com.aveksa.client.genericrest.GenericRESTClient.executeCollection(GenericRESTClient.java:217) ~[generic-rest-client.jar:?]
    at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.collectAccountData(GenericRESTAccountDataIterator.java:158) ~[classes/:?]
    at com.aveksa.collector.generic.rest.adc.GenericRESTAccountDataIterator.next(GenericRESTAccountDataIterator.java:68) ~[classes/:?]
    ... 13 more
Caused by: javax.net.ssl.SSLHandshakeException: No X509TrustManager implementation available

 
Cause

The error occurs because the Java TrustStore file at ${JAVA_HOME}/jre/lib/security/cacerts is empty.

With an empty TrustStore, Java has no trusted CA certificates loaded and cannot validate any certificate. The Java JDK may have been installed incorrectly (likely with the wrong Unix account or the wrong sudo command), replacing the current cacerts with an empty file and backing up the previous one:

image001 (10).png

Resolution

If this problem is encountered, the ${JAVA_HOME}/jre/lib/security/cacerts file must be restored manually after the upgrade.

It can be restored from the backup ("cacerts.1719000895" in the above screenshot) by copying it over the empty "cacerts".
It can also be restored/replaced from another environment (or from any other backup if available).
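
The check and restore described above can be scripted as follows. This is an added example, not RSA tooling; it assumes backups sit in the same directory as cacerts and are named cacerts.<digits>, as with cacerts.1719000895 on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not RSA tooling). Assumption: backups live beside cacerts and
# are named cacerts.<digits>, like cacerts.1719000895 in this article.

# Succeeds (0) when the truststore is missing or zero bytes long.
truststore_is_empty() {
    [ ! -s "$1" ]
}

# Prints the non-empty cacerts.<digits> backup with the highest numeric suffix.
newest_backup() {
    dir=$1; best=""; best_n=-1
    for f in "$dir"/cacerts.*; do
        [ -s "$f" ] || continue                    # skip empty or unmatched glob
        n=${f##*/cacerts.}
        case $n in ''|*[!0-9]*) continue ;; esac   # suffix must be digits only
        if [ "$n" -gt "$best_n" ]; then best=$f; best_n=$n; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Copies the newest backup over an empty cacerts; a non-empty one is untouched.
# Return codes: 0 restored, 1 nothing to do, 2 no usable backup.
restore_truststore() {
    target="$1/cacerts"
    truststore_is_empty "$target" || return 1
    src=$(newest_backup "$1") || return 2
    cp -p "$src" "$target" || return 2             # -p keeps the backup's mode and timestamps
    return 0
}

# Runs only when a directory is passed, e.g. "$JAVA_HOME/jre/lib/security".
if [ -n "${1:-}" ]; then
    restore_truststore "$1"; rc=$?
    case $rc in
        0) echo "cacerts restored from backup" ;;
        1) echo "cacerts is not empty; nothing changed" ;;
        2) echo "no non-empty cacerts.<digits> backup found" >&2 ;;
    esac
    exit "$rc"
fi
```

After a restore, `keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit` should list the trusted CA entries (changeit is the JDK default password; this assumes it was not changed). Review that list when the file came from another environment, since every CA in it becomes trusted.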