It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×6,113
×4,321
×1,381
×403
×145

question asked: Jun 27 '13, 5:43 a.m.
question was seen: 4,886 times
last updated: Jun 27 '13, 8:43 p.m.

Related questions

Certificate Error Connecting to RRDI from CLM

0
Robin Parker (32633739) | asked Jun 27 '13, 5:43 a.m.
retagged Jun 27 '13, 8:43 p.m. by Dejan Custic (2855)
Hi all,

I have created a report in RRDI.  I go into our CM application, go to Reports -> Report Resources and click on the 'Create Resource From Custom Report' button.

The message 'Cannot reach the IBM Rational Reporting Server. Please check network connectivity and verify the server location is correct and the server is running.' is displayed in red at the top of the screen.

Checking the logs ... the jts.log contains the following types of error (I have taken the real hostname out and replaced with <hostname>) :

2013-06-27 10:30:34,071 [      http-bio-9443-exec-31692] ERROR com.ibm.team.reports.service.cognos                 - ; nested exception is:
        javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
        java.security.cert.CertPathValidatorException: The certificate issued by CN=<hostname>, OU=Root Certificate, OU=ReportingCell, OU=RationalReportingNode01, O=IBM, C=US is not trusted; internal cause is:
        java.security.cert.CertPathValidatorException: Certificate chaining error Connecting to https://<hostname>:59082/reporting
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
        java.security.cert.CertPathValidatorException: The certificate issued by CN=<hostname>, OU=Root Certificate, OU=ReportingCell, OU=RationalReportingNode01, O=IBM, C=US is not trusted; internal cause is:
        java.security.cert.CertPathValidatorException: Certificate chaining error
 faultActor:
 faultNode:
 faultDetail:
        {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
        java.security.cert.CertPathValidatorException: The certificate issued by CN=<hostname>, OU=Root Certificate, OU=ReportingCell, OU=RationalReportingNode01, O=IBM, C=US is not trusted; internal cause is:
        java.security.cert.CertPathValidatorException: Certificate chaining error
        at com.ibm.jsse2.o.a(o.java:25)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:499)
        at com.ibm.jsse2.kb.a(kb.java:483)
        at com.ibm.jsse2.kb.a(kb.java:48)
        at com.ibm.jsse2.lb.a(lb.java:426)
        at com.ibm.jsse2.lb.a(lb.java:194)
        at com.ibm.jsse2.kb.s(kb.java:93)
        at com.ibm.jsse2.kb.a(kb.java:128)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:516)
        at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:400)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:787)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:640)
        at com.cognos.org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at com.cognos.org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:192)
        at com.cognos.org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:405)
        at com.cognos.org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:139)
        at com.cognos.org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at com.cognos.org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:119)
        at com.cognos.org.apache.axis.SimpleChain.invoke(SimpleChain.java:84)
        at com.cognos.org.apache.axis.client.AxisClient.invoke(AxisClient.java:166)
        at com.cognos.org.apache.axis.client.Call.invokeEngine(Call.java:2785)
        at com.cognos.org.apache.axis.client.Call.invoke(Call.java:2768)
        at com.cognos.org.apache.axis.client.Call.invoke(Call.java:2444)
        at com.cognos.org.apache.axis.client.Call.invoke(Call.java:2367)
        at com.cognos.org.apache.axis.client.Call.invoke(Call.java:1813)
        at com.cognos.developer.schemas.bibus._3.ContentManagerServiceStub.queryMultiple(ContentManagerServiceStub.java:7043)
        at com.ibm.team.reports.service.cognos.internal.CognosReportServiceHelper.getReports(CognosReportServiceHelper.java:341)
        at com.ibm.team.reports.service.cognos.internal.CognosReportService.perform_GET(CognosReportService.java:161)
        at com.ibm.team.repository.service.TeamRawService.service(TeamRawService.java:82)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at org.eclipse.soda.sat.core.internal.record.ExportProxyServiceRecord.invoke(ExportProxyServiceRecord.java:361)
        at org.eclipse.soda.sat.core.internal.record.ExportProxyServiceRecord.access$0(ExportProxyServiceRecord.java:347)
        at org.eclipse.soda.sat.core.internal.record.ExportProxyServiceRecord$ExportedServiceInvocationHandler.invoke(ExportProxyServiceRecord.java:56)
        at $Proxy671.service(Unknown Source)
at com.ibm.team.repository.servlet.AbstractTeamServerServlet.doRestService(AbstractTeamServerServlet.java:914)
        at com.ibm.team.repository.servlet.AbstractTeamServerServlet.handleRequest2(AbstractTeamServerServlet.java:2100)
        at com.ibm.team.repository.servlet.AbstractTeamServerServlet.handleRequest(AbstractTeamServerServlet.java:1924)
        at com.ibm.team.repository.servlet.AbstractTeamServerServlet.service(AbstractTeamServerServlet.java:1800)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.eclipse.equinox.http.registry.internal.ServletManager$ServletWrapper.service(ServletManager.java:180)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:126)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:76)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.eclipse.equinox.servletbridge.BridgeServlet.service(BridgeServlet.java:120)
        at com.ibm.team.repository.server.servletbridge.JazzServlet.service(JazzServlet.java:68)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at com.ibm.team.repository.server.servletbridge.BridgeFilter.processDelegate(BridgeFilter.java:133)
        at com.ibm.team.repository.server.servletbridge.BridgeFilter.doFilter(BridgeFilter.java:154)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:336)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)
        at java.lang.Thread.run(Thread.java:738)

As you can see we're using https to access RRDI.

I have checked the URL that the applications use to access RRDI and I have checked the value of 'Trusted URIs for client authorization and redirection' in the advanced properties of the JTS and admin page.  Both are correct.

Does anyone have any suggestion as to what the problem may be?

Many Thanks,

Robin

Comments
Robin Parker commented Jun 27 '13, 5:46 a.m.

Sorry, left out important information:
We're running CLM 4.0.2 and RRDI 2.0.1 using Websphere 8.0 and all of this is running on RHEL 5.x
Thanks.

Accepted answer

2
permanent link
Ali Manji (59147) | answered Jun 27 '13, 8:45 a.m.
JAZZ DEVELOPER
Hi Robin - Though you are using RRDI  2.0.1, you should be able to follow the steps in this Info Center help topic (and the related sub-topics) to enable SSL for the RRDI Report Server.

http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m3/topic/com.ibm.rational.rrdi.admin.doc/topics/t_general_was_ssl.html

Regards,
Ali
Robin Parker selected this answer as the correct answer
Comments
Robin Parker commented Jun 27 '13, 9:55 a.m.

Hi Ali,
I have followed those steps already, from the 4.0.2 help section and can access RRDI using https just fine to create the reports.  Only the access from the CLM server while trying to import the reports as report resources fails ...

Many Thanks,

Robin

Ali Manji commented Jun 27 '13, 9:59 a.m.
JAZZ DEVELOPER

Hi Robin - Did you look at the the steps in this sub-section (http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m3/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html).  Note:  If you are running Tomcat - follow step c.  or step d. for WebSphere.

Regards,
Ali

Robin Parker commented Jun 27 '13, 11:29 a.m.

Difficult to choose an accepted answer as I think you were all correct!  I chose this one as it was directing me to the very page I needed and I am indeed running my CLM on Tomcat - which I had failed to mention!

Thanks all who answered for pointing me in the right direction.  I'll not get to restart the JTS until the weekend at the earliest so hopefully it'll all work next week!!

2 other answers

Most liked answers ↑|Newest answers|Oldest answers

2
permanent link
Matthieu Leroux (6571614) | answered Jun 27 '13, 10:01 a.m.
JAZZ DEVELOPER
Hello Robin,

Have you seen this technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21609885

Hope it helps
Matthieu
1
permanent link
Indradri Basu (1.8k1514) | answered Jun 27 '13, 7:56 a.m.
Hi Robin, as far as I know an alert always comes for self-signed certificates and to me it looks like the CLM server certificate has not been imported in the RRDI server trust store or the problem lies on that area.
Comments
Robin Parker commented Jun 27 '13, 9:54 a.m.

Hi Indradri,

I can log into RRDI using credentials from the CLM user database - wouldn't this imply that the RRDI server can access the CLm server ok?

I don't remember importing any certificates from the CLm server into the RRDI server.... can you point me to the help section for that?

Thanks,

Robin

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.