IBM Support

Certificate not found in chain error for SCIM sync pod after changing certificate for Maximo Application Suite

Troubleshooting


Problem

Changing certificate authorities for Maximo Application Suite (MAS) ldapsync process does not update causing certificate trust issue for the scim synchronization process with error unable to find valid certification path to requested target.

Symptom

Changing or reconfiguring the User Registry Synchronization does not complete and fails to connect to the directory.

Cause

The finalizer in Red Hat OpenShift does not remove the old reference to the certificate truststore.

Diagnosing The Problem

Reviewing the logs in the scimsync pod shows an error:
com.ibm.ws.ssl.core.WSX509TrustManager E CWPKI0823E: SSL HANDSHAKE FAILURE: 
A signer with SubjectDN [CN=serverhostname.ibm.com] was sent from the host [serverhostname.ibm.com:636]. 
The signer might need to be added to local trust store [/etc/mas/certs/truststore/truststore.jks], located in SSL configuration alias [defaultSSLConfig]. 
The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].
From the scimsync pod, you can use terminal to view the truststore (you can find the truststore password in the secret  <instanceid>-scim-truststore:
keytool -list -v -keystore /etc/mas/certs/truststore/truststore.jks -storetype JKS -storepass <password>

Resolving The Problem

In order for the scimsync pod to remake its truststore, the finalizer must be removed from the Truststore CRD for the scimsync instance.
  1. Log in to the Red Hat OpenShift console.
  2. Navigate to CustomResourceDefinitions.
  3. Find the Truststore CR.
  4. Go to the Instances tab.
  5. Select the <instanceid>-scimsync-truststore CRD.
  6. Find the Finalizer section, and delete it; After deleting the Finalizer section, save. Reload shows this section now removed.
  7. Wait for reconciliation to run, and confirm that the new truststore is created, which also re-creates the scimsync pod.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m3p000000hAeeAAE","label":"Maximo Application Suite-\u003ECore"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
11 May 2023

UID

ibm16989659

Page Feedback