JBoss ON agent auto update fails when an ssl transport is enabled

Solution Verified - Updated -

Issue

  • The agent auto upgrade is not working and fails with SSL errors.
  • The agent auto upgrade fails with following messages:

    FATAL [RHQ Agent Update Thread] (org.rhq.enterprise.agent.AgentUpdateThread)- {PromptCommand.update.download-failed}Failed to download the agent update binary. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    FATAL [RHQ Agent Update Thread] (org.rhq.enterprise.agent.AgentUpdateThread)- {AgentUpdateThread.exception}The agent update thread encountered an exception: javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target
    
  • Agent auto update fails with:

Failed to download the agent update binary. Cause: sun.security.validator.ValidatorException: No trusted certificate found
The agent update thread encountered an exception: javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: No trusted certificate found -> javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: No trusted certificate found -> sun.security.validator.ValidatorException:No trusted certificate found

Environment

  • JBoss Operations Network Server (JON)
    • 2.3
    • 2.4
    • 3.0
    • 3.1
    • 3.3
  • Agent is configured to use sslservlet or sslsocket to communicate with the JBoss ON server
  • The agent's rhq.agent.agent-update.download-url property is set to its default value

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In