Skip to main content
Solved

ValidateSSL


Forum|alt.badge.img+1

Hi Folks 

I was reviewing this thread:
 

 

 

which seems to be precisely the same issue I am running into.  I’ve searched through my registry but could not find the appropriate key, so I created it, although I must not have created it in the right spot, I’ve made some other error, OR this is no longer the way to solve the issue.  

I have tried both here:
HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\WFEngine

And here:
HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\WFEngine

I created the key and dword value (ValidateSSL=0) in both locations, tried restarting the workflow engine and also tried restarting the whole machine, but I still have had no luck.

Any Tips or suggestions?

Is there any way to read the environment to confirm the key was set and the workflow engine has confirmed the setting?

My error is still:
 

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br>Source: demo-ad, Process: Workflow

 


 

Best answer by djmanning

tldr, mark solved high level procedure1
1. Follow procedure to import self signed cert into the host keystore
2. Make sure the host can resolve the name in the cert, and your requests use the target host name.

Thanks for your attention!

 

More:
Just to let you know that the issue was resolved by following the procedure above
https://documentation.commvault.com/11.24/expert/116142_adding_commvault_certificate_to_java_keystore_on_http_proxy_servers_with_self_signed_certificate.html

I had an additional issue where the self-cert issued was not fully qualified, and was not resolvable by the Commvault host OS.  I was able to work around this by modifying the local OS host file (was windows, so win/sys32/drivers/etc/host → just remember to modify this file as an administrator).

I was able to send through the httpclient using https to the server with a self signed certs once this completed 
 

View original
Did this answer your question?

7 replies

Forum|alt.badge.img+1
  • Author
  • Bit
  • 4 replies
  • June 24, 2022

Version is: 
Version11.24.52

I’m on a trial/eval. 

And I used the web Workflow client, if that makes a difference.

Thanks


Mike Struening
Vaulter
Forum|alt.badge.img+23

@christopherlecky , do you recall exactly how you added the key (the referenced thread was yours)?

Thanks!


christopherlecky
Byte
Forum|alt.badge.img+16

I applied it via a group, but I admit I never checked to see if the registry key was actually created.

Once it was applied the error I was getting changed so my assumption was that it worked.

I’ll check on my WF engine box now and let you know if the registry key actually exists.


Forum|alt.badge.img+1
  • Author
  • Bit
  • 4 replies
  • June 27, 2022

Hello - I opened a case with commvault and found that the ValidateSSL “isn’t valid anymore’ and suggested importing ‘the Self signed certificate into JAVA KeyStore’.

https://documentation.commvault.com/11.24/expert/116142_adding_commvault_certificate_to_java_keystore_on_http_proxy_servers_with_self_signed_certificate.html

 

I will be trying this out.


Mike Struening
Vaulter
Forum|alt.badge.img+23

@djmanning , can you share the case number so I can track it?


Forum|alt.badge.img+1
  • Author
  • Bit
  • 4 replies
  • July 4, 2022

HI - The incident number is 220626-130


Forum|alt.badge.img+1
  • Author
  • Bit
  • 4 replies
  • Answer
  • July 6, 2022

tldr, mark solved high level procedure1
1. Follow procedure to import self signed cert into the host keystore
2. Make sure the host can resolve the name in the cert, and your requests use the target host name.

Thanks for your attention!

 

More:
Just to let you know that the issue was resolved by following the procedure above
https://documentation.commvault.com/11.24/expert/116142_adding_commvault_certificate_to_java_keystore_on_http_proxy_servers_with_self_signed_certificate.html

I had an additional issue where the self-cert issued was not fully qualified, and was not resolvable by the Commvault host OS.  I was able to work around this by modifying the local OS host file (was windows, so win/sys32/drivers/etc/host → just remember to modify this file as an administrator).

I was able to send through the httpclient using https to the server with a self signed certs once this completed 
 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings