DM Cannot Send Updates to SM Due to SSL Error

If a DM cannot send updates to an SM, the cause is normally a network connectivity issue, but occasionally it is an SSL certificate problem. If it is an SSL issue, the DM may report an exception that begins with the following line:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The important part of this exception is the end of the message. When Java cannot find a valid certification path, the root CA certificate and/or one or more intermediate CA certificates for the SM's HTTPS SSL certificate are not trusted. When this happens, you need to ensure that the root CA certificate and any intermediate CA certificates associated with the SM's HTTPS SSL certificate are added to the DM's TechDoc Java CA key store.

First, you will need to get a copy of the root CA certificate and any intermediate CA certificates used by the SM cert in DER (binary) format. Next, you need to come up with an alias name for each one of these DER files. No other certificate in TechDoc's Java key store can have the same alias. For that reason, we recommend using the date and an ending letter as part of the alias. For example, my20190430a would be the first alias that you use on April 30, 2019, my20190430b would be the second alias that you use on April 30, 2019, etc.

Once you have decided on alias names for each of the certificates, open a command prompt on the DM as a Windows Administrator. Then use the batch file AddCertificateToStores.bat located in the TechDoc\bin folder of the DM to install the root CA certificate and any intermediate CA certificates. Say that your DER file for the root CA certificate is called root.cer and you plan to use the alias my20190430a. You would use the following command on the DM command prompt to add it to TechDoc's Java key store:

AddCertificateToStores.bat root.cer my20190430a

Let's also say that you have one intermediate CA called intermediate.cer that you need to install and you plan to use the alias my20190430b. You would use the following command on the DM command prompt to add it to TechDoc's Java key store:

AddCertificateToStores.bat intermediate.cer my20190430b

Now you have to restart the Tomcat service on the DM, because TechDoc's Java will not pick up the new CA certificates until you do. Once you restart Tomcat, log into TechDoc on the DM as a TechDoc admin, click on the Admin menu, click on "Search Manager Hosts" under "Show...", and then click on the SM that was causing the problem. Click on the "Test" link on the side menu for that SM and confirm that the test completes successfully. If it does, look for any stalled SM updates from the Admin menu and restart them if necessary.
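
Before running the AddCertificateToStores.bat commands above, it is worth confirming that each file really is a DER-encoded CA certificate and that it is the certificate you expect, since anything added to the key store becomes a trust anchor for the DM. The following PowerShell is an added example, not part of TechDoc; Test-CaCertFile is a hypothetical helper name, and it assumes the article's example of one intermediate (intermediate.cer) issued directly by the root (root.cer).

```powershell
# Added example, not part of TechDoc. Test-CaCertFile is a hypothetical helper;
# root.cer and intermediate.cer are the article's example file names.
function Test-CaCertFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)

    # DER is binary ASN.1 and begins with a SEQUENCE tag (0x30).
    # A PEM file begins with the text "-----BEGIN" instead.
    $isDer = ($bytes.Length -gt 0) -and ($bytes[0] -eq 0x30)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)

    # basicConstraints (OID 2.5.29.19) says whether this is a CA certificate.
    $bc = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }

    # SHA-256 fingerprint of the DER-encoded certificate.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fp  = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''

    [pscustomobject]@{
        File       = $Path
        IsDer      = $isDer
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        SelfIssued = ($cert.Subject -eq $cert.Issuer)   # name comparison only
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        Sha256     = $fp
    }
}

$root = Test-CaCertFile 'root.cer'
$int  = Test-CaCertFile 'intermediate.cer'
$root, $int | Format-List

if (-not $root.SelfIssued)         { Write-Warning 'root.cer is not self-issued; it may not be the root CA.' }
if ($int.Issuer -ne $root.Subject) { Write-Warning 'intermediate.cer was not issued by root.cer; the files do not form a chain.' }
foreach ($c in $root, $int) {
    if (-not $c.IsDer) { Write-Warning "$($c.File) is not DER encoded." }
    if (-not $c.IsCA)  { Write-Warning "$($c.File) is not marked as a CA certificate." }
    if ($c.Expired)    { Write-Warning "$($c.File) expired on $($c.NotAfter)." }
}
```

Compare each Sha256 value with the fingerprint supplied by the issuing CA through a separate channel before adding the file to the key store.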

If you are still having problems, you can contact us for further assistance.
