HOW TO: Import certificates into Informatica Cloud Secure Agent JRE
Solution
Steps to import the certificates into the Secure Agent cacerts:
  1. Download the attached zip and extract InstallCert.jar to {Secure Agent Root Dir}\jdk\{LatestVersion}\jre\bin OR {Secure Agent Root Dir}\apps\jdk\{LatestVersion}\jre\bin.
     1.1 Check {Secure Agent Root Dir}\apps\agentcore\{LatestVersion}\.lcm\lcm-env.bat to find the correct jdk folder to use.
  2. Change directory in CMD/Shell to {Secure Agent Root Dir}\apps\jdk\1.8.0_202\jre\bin.
  3. Execute "java -jar InstallCert.jar <hostname>[:port]".
           With host  : "java -jar InstallCert.jar dm-us.informaticacloud.com"
           With port  : "java -jar InstallCert.jar dm-us.informaticacloud.com:443"
           With proxy : "java -Dhttps.proxyHost=<proxyHost> -Dhttps.proxyPort=<proxyPort> -jar InstallCert.jar dm-us.informaticacloud.com:443"
           Note: Use "./java" when running the above commands on Linux.
  4. Upon successful execution, one can see the following messages.

            AdminCmdOutput.png
  5. Restart the Secure Agent for the changes to take effect.
Notes:
  • -Djavax.net.debug=ssl can be used to generate an SSL trace, and -Djsse.enableSNIExtension=true needs to be used when connecting to SNI-enabled servers.
  • This tool creates a backup of cacerts before modifying it, with a name like cacerts-<date_time>.
  • This tool does not support a proxy with authentication. If proxy authentication is needed, follow the link: http://kb.informatica.com/howto/6/Pages/22/571091.aspx
More Information
The following exception is observed and the connection is refused while Secure Agent is attempting to access applications that are encrypted with SSL (for example HTTPS, LDAPS, IMAPS).
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Whenever Java attempts to connect to another application over SSL (e.g.: HTTPS, IMAPS, LDAPS), it will only be able to connect to that application if it can trust it. The way trust is handled in the Java world is that you have a keystore (typically $JAVA_HOME/lib/security/cacerts), also known as the truststore.

This problem is therefore caused by a certificate that is self-signed (a CA did not sign it) or a certificate chain that does not exist within the Java truststore. 

How does it work?
This is based on a Java program.
1. The Java program loads the Agent keystore and initiates an SSL handshake with the host server provided on the command line.
2. Upon receiving an SSLHandshakeException, the program adds the chain of certificates sent by the host server (for validation) to cacerts as trusted certificates.
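Because the program trusts the chain exactly as the host presents it, an administrator can compare the cacerts-<date_time> backup with the modified cacerts to see which certificates were added, and check their fingerprints against values obtained from the server owner. The script below is an added example, not part of the Informatica tool; the file names before.txt and after.txt, the function names, and the sample aliases and fingerprints are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Informatica's code): list certificates present in the
# truststore after the InstallCert run but absent from its backup.
# Create the two listings with keytool from the backup and the modified cacerts:
#   keytool -list -keystore cacerts-<date_time> -storepass <password> > before.txt
#   keytool -list -keystore cacerts -storepass <password> > after.txt
# keytool -list prints each entry as two lines:
#   <alias>, <date>, trustedCertEntry,
#   Certificate fingerprint (<algorithm>): <hex pairs>
# new_entries BEFORE AFTER prints "alias<TAB>fingerprint" per added certificate.
new_entries() {
  awk '
    { sub(/\r$/, "") }                       # accept listings captured on Windows
    /Entry,[ \t]*$/ { alias = $0; sub(/,.*/, "", alias); next }
    /^Certificate fingerprint/ {
      fp = $NF
      if (FILENAME == ARGV[1]) seen[fp] = 1  # already trusted before the run
      else if (!(fp in seen)) printf "%s\t%s\n", alias, fp
    }
  ' "$1" "$2"
}

# Constructed sample listings; aliases and fingerprints are made up.
FP_ROOT=11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
FP_LEAF=AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
FP_CA=BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB
sample_before() { cat <<EOF
Keystore type: jks

exampleroot [jdk], Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): $FP_ROOT
EOF
}
sample_after() { sample_before; cat <<EOF
example-host-1, Jun 14, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): $FP_LEAF
example-host-2, Jun 14, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): $FP_CA
EOF
}

demo() {
  d=$(mktemp -d)
  sample_before > "$d/before.txt"; sample_after > "$d/after.txt"
  new_entries "$d/before.txt" "$d/after.txt"
  rm -rf "$d"
}
demo
```

Entries are compared by fingerprint, so a certificate that was already trusted under a different alias is not reported as new.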
Reference
Applies To
Product: Cloud Data Integration
Problem Type: Connectivity; Configuration
User Type: Administrator
Project Phase: Configure
Product Version:
Database:
Operating System: Windows; Linux
Other Software:
Attachments
Last Modified Date: 6/14/2020 11:43 PM
ID: 527498