Monitoring, Management & Location Tracking

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including AirWave, Meridian Apps, ALE, Central / HPE Aruba Networking Central, and UXI / HPE Aruba Networking User Experience Insight
Back to Library

Troubleshooting while getting certificate error while accessing VisualRF in AMP 8.2.0 

Oct 25, 2016 06:33 PM

Problem:

While accessing Visual RF you are getting the error as below:

 

 

Seeing the below errors in VisualRF log

 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alerts.getSSLException(Unknown Source)

        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

        at sun.security.ssl.Handshaker.processLoop(Unknown Source)

        at sun.security.ssl.Handshaker.process_record(Unknown Source)

        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)



Diagnostics:

This is more likely to be seen if the Custom Cert installed to the Airwave server and the CA is not automatically updated to the trusted list in Java Keystore. In that case the mentioned error could occur with the visualrf app (run on Java) to trust the CA.  Hence, you need to make the Certificate is trusted in keystore of java in /usr/java/jre1.8.0_72/lib/security/cacerts.



Solution

To solve this issue you need to make sure the CA cert is trusted in the Keystore of java under  /usr/java/jre1.8.0_72/lib/security/cacerts.

To do that you need to execute the commands below:

# keytool -import -noprompt -trustcacerts -alias <give a name to identify the CA in the keytool> -file <path/of the /cert/in/airwave/server> -keystore /usr/java/jre1.8.0_72/lib/security/cacerts -storepass changeit

 

Example: 

[root@airwave tmp]# keytool -import -noprompt -trustcacerts -alias chaincert-lab -file /var/airwave/custom/ssl-certs/airwave-CertChain.crt -keystore /usr/java/jre1.8.0_72/lib/security/cacerts -storepass changeit

Certificate was added to keystore

 

To verify:

[root@airwave tmp]# keytool -list -keystore "/usr/java/jre1.8.0_72/lib/security/cacerts" | grep chain

Enter keystore password:  changeit

chaincert-lab, May 2, 2016, trustedCertEntry,

 

Once done, restart the Visual RF Engine. 

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.