Troubleshooting
Problem
Changing certificate authorities for Maximo Application Suite (MAS) ldapsync process does not update causing certificate trust issue for the scim synchronization process with error unable to find valid certification path to requested target.
Symptom
Changing or reconfiguring the User Registry Synchronization does not complete and fails to connect to the directory.
Cause
The finalizer in Red Hat OpenShift does not remove the old reference to the certificate truststore.
Diagnosing The Problem
Reviewing the logs in the scimsync pod shows an error:
com.ibm.ws.ssl.core.WSX509TrustManager E CWPKI0823E: SSL HANDSHAKE FAILURE:
A signer with SubjectDN [CN=serverhostname.ibm.com] was sent from the host [serverhostname.ibm.com:636].
The signer might need to be added to local trust store [/etc/mas/certs/truststore/truststore.jks], located in SSL configuration alias [defaultSSLConfig].
The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].
From the scimsync pod, you can use terminal to view the truststore (you can find the truststore password in the secret <instanceid>-scim-truststore:
keytool -list -v -keystore /etc/mas/certs/truststore/truststore.jks -storetype JKS -storepass <password>
Resolving The Problem
In order for the scimsync pod to remake its truststore, the finalizer must be removed from the Truststore CRD for the scimsync instance.
- Log in to the Red Hat OpenShift console.
- Navigate to CustomResourceDefinitions.
- Find the Truststore CR.
- Go to the Instances tab.
- Select the <instanceid>-scimsync-truststore CRD.
- Find the Finalizer section, and delete it; After deleting the Finalizer section, save. Reload shows this section now removed.
- Wait for reconciliation to run, and confirm that the new truststore is created, which also re-creates the scimsync pod.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m3p000000hAeeAAE","label":"Maximo Application Suite-\u003ECore"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
11 May 2023
UID
ibm16989659