Troubleshooting integration with SSL
This topic describes how to troubleshoot issues related to integrating BMC Digital Workplace and SSL.
BMC does not maintain or fix SSL certificates. Technicians will do their best effort to assist you with issues related to SSL and BMC Digital Workplace, but it is the customer's responsibility to fix and maintain their own SSL certificates.
BMC Support will always help with application configuration and can provide hints on what could be wrong with the certificates, but not more.
Issue symptoms
- Which symptoms occur?
- BMC Digital Workplace Tomcat does not start after SSL is enabled.
- BMC Digital Workplace Catalog does not start after SSL is enabled, or authentication fails during startup when SSL is enabled.
- BMC Digital Workplace Catalog User Sync is not working on SSL.
- BMC Digital Workplace Catalog loops during startup after SSL was configured.
- BMC Digital Workplace Admin Console displays an error when enabling the Enhanced Catalog or when setting BMC Digital Workplace Catalog sections. A PKIX error occurs.
- Cannot consume BMC Digital Workplace Catalog services or cannot see BMC Digital Workplace banners in BMC Digital Workplace.
- Notes or approvals for BMC Digital Workplace Catalog services do not work.
- BMC Remedy ITSM displays an error when you test the connection between BMC Digital Workplace Catalog and the BMC Remedy ITSM AR System server.
- In which object or user interface do you see the symptoms?
- BMC Remedy ITSM and BMC Digital Workplace Catalog backend forms show SSL and connectivity errors while testing the connection between BMC Remedy ITSM and BMC Digital Workplace Catalog.
- BMC Digital Workplace Admin Console: Enhanced Catalog section and Setting Up Catalog Sections section
- BMC Digital Workplace Tomcat logs
- BMC Digital Workplace Catalog: Linux terminal (BMC Digital Workplace Catalog loops during restart.)
- BMC Digital Workplace cannot fetch BMC Digital Workplace Catalog services, BMC Remedy ITSM modules, or BMC Remedy with Smart IT (Smart IT) notes.
- BMC Digital Workplace Catalog: Linux terminal (After restarting BMC Digital Workplace Catalog, user_group_sync.log shows entries such as
SSLHandshakeException
.)
- What steps produce the issue?
- Follow BMC Digital Workplace documentation and enable SSL.
- On BMC Digital Workplace:
- In the BMC Digital Workplace Admin console, go to Configuration.
- Select Enhanced Catalog under Configuration.
- In the URL field, enter the BMC Digital Workplace Catalog URL.
- You might see these issues:
- When you go to Service Requests > Catalog Sections, you receive an authentication error when you try to add new sections.
- Tomcat does not start after a restart.
- You try to consume the BMC Digital Workplace Catalog service via BMC Digital Workplace, but services and banners are gone.
- You cannot log in to BMC Digital Workplace via Remedy SingleSign-On (RSSO).
- On BMC Digital Workplace Catalog:
- An
Authentication Failed
error appears in the Linux Terminal after you restart the BMC Digital Workplace Catalog service. - A BMC Digital Workplace Catalog restart loops during startup.
- You received a double authentication page while logging in via RSSO.
- An
Authentication Failed
error appears in use_group_sync.log with entries such asSSLHandshakeException
.
- An
- On BMC Remedy ITSM:
- Click on the test connection after you include the SSL port and protocol in the BMC Digital Workplace Catalog URL on the ITSM backend forms.
- On BMC Digital Workplace Catalog:
- What is the text of the message?
BMC Digital Workplace Admin Console:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
BMC Remedy ITSM backend forms (SB:TestRemoteAction and SBE:ConnectionConfig):
Connection failed
BMC Digital Workplace Catalog Linux terminal:
Authentication Failed
(You can also see this error in the bundle.log file.)BMC Digital Workplace Catalog User Group Sync logging:
SSLHandshake/PKIX error
- Errors related to BMC Digital Workplace Catalog in the dwp.log file
- BMC Digital Workplace Tomcat catalina.out log file:
SEVERE: Could not start listener due to previous errors
- BMC Digital Workplace/RSSO:
Not connecting/Double Login Screen.
Issue scope
The following issues describe the scope, and they cannot be resolved until the certificate issues are resolved:
- Server startup will be impacted and services will not start.
- New users will not be able to use BMC Digital Workplace Catalog and will not be imported to the Catalog.
- RSSO login will break, which will make the application unavailable.
- Communication with other applications will be affected.
- Simple use cases (such as updating notes) will not work.
Diagnosing and reporting an issue
After you identify the symptoms and scope of the issue, use this troubleshooting guide to help the customer diagnose and resolve the issue or to create a BMC Support case.
Task | Action | Steps | Reference |
---|---|---|---|
1 | Troubleshoot |
| See https://communities.bmc.com/docs/DOC-117011 for information on SSL troubleshooting. |
2 | Self-resolve |
| |
3 | Report |
| To get support from BMC Support :
|
4 | Send diagnostics |
| Possible diagnostics include:
|
5 | Apply fix | Check Resolution for common issues. | Note: The fix may vary depending on the root cause of the issue: missing entries, wrong data in config files, environment configuration issues. |
Resolutions for common issues
Symptom | Action | Reference |
---|---|---|
| Import the BMC Digital Workplace Catalog certificate to BMC Digital Workplace Tomcat Truststore, BMC Remedy ITSM Server, SmartIT Server and viceversa. This can be the Java cacerts certificate or a user-defined one. | |
| Add missing DNS entries, and update BMC Digital Workplace Catalog configuration files. The certificate needs a certificate chain, which was not included during the import of the certificates. | |
| Add TrustStore path and password to user_group_sync.sh script. | https://communities.bmc.com/docs/DOC-61820 |
| Import RSSO certificate to BMC Digital Workplace and BMC Digital Workplace Catalog TrustStore and vice versa. Confirm that the application's entries exist in the keystore. | https://communities.bmc.com/docs/DOC-117011 |
|
| https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html |
| Follow KA https://communities.bmc.com/docs/DOC-124466. | This defect is fixed for 20.02 and later versions. |
Comments
Log in or register to comment.