Solved

ValidateSSL

  • 24 June 2022
  • 7 replies
  • 385 views

Badge +1

Hi Folks 

I was reviewing this thread:
 

 

 

which seems to be precisely the same issue I am running into.  I’ve searched through my registry but could not find the appropriate key, so I created it, although I must not have created it in the right spot, I’ve made some other error, OR this is no longer the way to solve the issue.  

I have tried both here:
HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\WFEngine

And here:
HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\WFEngine

I created the key and dword value (ValidateSSL=0) in both locations, tried restarting the workflow engine and also tried restarting the whole machine, but I still have had no luck.

Any Tips or suggestions?

Is there any way to read the environment to confirm the key was set and the workflow engine has confirmed the setting?

My error is still:
 

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br>Source: demo-ad, Process: Workflow

 


 

icon

Best answer by djmanning 6 July 2022, 16:53

View original

7 replies

Badge +1

Version is: 
Version11.24.52

I’m on a trial/eval. 

And I used the web Workflow client, if that makes a difference.

Thanks

Userlevel 7
Badge +23

@christopherlecky , do you recall exactly how you added the key (the referenced thread was yours)?

Thanks!

Userlevel 5
Badge +16

I applied it via a group, but I admit I never checked to see if the registry key was actually created.

Once it was applied the error I was getting changed so my assumption was that it worked.

I’ll check on my WF engine box now and let you know if the registry key actually exists.

Badge +1

Hello - I opened a case with commvault and found that the ValidateSSL “isn’t valid anymore’ and suggested importing ‘the Self signed certificate into JAVA KeyStore’.

https://documentation.commvault.com/11.24/expert/116142_adding_commvault_certificate_to_java_keystore_on_http_proxy_servers_with_self_signed_certificate.html

 

I will be trying this out.

Userlevel 7
Badge +23

@djmanning , can you share the case number so I can track it?

Badge +1

HI - The incident number is 220626-130

Badge +1

tldr, mark solved high level procedure1
1. Follow procedure to import self signed cert into the host keystore
2. Make sure the host can resolve the name in the cert, and your requests use the target host name.

Thanks for your attention!

 

More:
Just to let you know that the issue was resolved by following the procedure above
https://documentation.commvault.com/11.24/expert/116142_adding_commvault_certificate_to_java_keystore_on_http_proxy_servers_with_self_signed_certificate.html

I had an additional issue where the self-cert issued was not fully qualified, and was not resolvable by the Commvault host OS.  I was able to work around this by modifying the local OS host file (was windows, so win/sys32/drivers/etc/host → just remember to modify this file as an administrator).

I was able to send through the httpclient using https to the server with a self signed certs once this completed 
 

Reply