Monitoring, Management & Location Tracking

Troubleshooting while getting certificate error while accessing VisualRF in AMP 8.2.0

Aruba Employee
Problem:

While accessing Visual RF you are getting the error as below:

 

 

Seeing the below errors in VisualRF log

 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alerts.getSSLException(Unknown Source)

        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

        at sun.security.ssl.Handshaker.processLoop(Unknown Source)

        at sun.security.ssl.Handshaker.process_record(Unknown Source)

        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)



Diagnostics:

This is more likely to be seen if the Custom Cert installed to the Airwave server and the CA is not automatically updated to the trusted list in Java Keystore. In that case the mentioned error could occur with the visualrf app (run on Java) to trust the CA.  Hence, you need to make the Certificate is trusted in keystore of java in /usr/java/jre1.8.0_72/lib/security/cacerts.



Solution

To solve this issue you need to make sure the CA cert is trusted in the Keystore of java under  /usr/java/jre1.8.0_72/lib/security/cacerts.

To do that you need to execute the commands below:

# keytool -import -noprompt -trustcacerts -alias <give a name to identify the CA in the keytool> -file <path/of the /cert/in/airwave/server> -keystore /usr/java/jre1.8.0_72/lib/security/cacerts -storepass changeit

 

Example: 

[root@airwave tmp]# keytool -import -noprompt -trustcacerts -alias chaincert-lab -file /var/airwave/custom/ssl-certs/airwave-CertChain.crt -keystore /usr/java/jre1.8.0_72/lib/security/cacerts -storepass changeit

Certificate was added to keystore

 

To verify:

[root@airwave tmp]# keytool -list -keystore "/usr/java/jre1.8.0_72/lib/security/cacerts" | grep chain

Enter keystore password:  changeit

chaincert-lab, May 2, 2016, trustedCertEntry,

 

Once done, restart the Visual RF Engine. 

Version history
Revision #:
2 of 2
Last update:
‎10-25-2016 03:33 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.