For Sybase / SAP ASE databases, certificates can be imported into the FglAM jre keystore via the following steps:
1. Import the ASE/RS SSL certificate into the monitoring FglAM jre keystore (cacerts).
- When the FglAM is embedded, the jre keystore path is: ../fms/jre/lib/security/cacerts
- When the FglAM is external, the jre keystore path is: ../fglam/jre/1.8.0.212/jre/lib/security/cacerts
Command for importing certificate:
../jre/bin/keytool -import -noprompt -rfc -alias $aliasName -file $certificatePath -keystore ../lib/security/cacerts -storepass changeit
Command for checking whether the certificate has been imported:
../jre/bin/keytool -list -v -keystore ../lib/security/cacerts -alias $aliasName
2. Set the Agent Property 'Enable SSL' to true.
- For the Sybase_MDA agent, the SSL related Agent Property is: 'Enable SSL(must enable SSL in FIPS Compliance mode)'.
- For the Sybase_RS agent, the SSL related Agent Properties are: 'Enable SSL for Replication Server(must enable SSL in FIPS Compliance mode)' and 'Enable SSL for RSSD(must enable SSL in FIPS Compliance mode)'.
3. Activate the agents.
Note: If the user encounters a 'certificate_unknown' error, or the following error in the agent log, restart the FglAM:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- If the user encounters a 'JZ00L: Login failed' error and the monitored ASE or RS is configured with SSL, confirm that the steps above have been completed.
- When the user monitors SAP servers in FIPS FMS, copy the cryptoj.jar from the SAP ASE installation folder (SAPHome\jConnect-16_0\classes) to the FglAM agent lib folder (fglam\agents\DB_Sybase\5.9.7.10-5.9.7.10-20200930-1432\lib). A FglAM restart is then required.
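
Step 1 imports with -noprompt, which skips keytool's trust confirmation, so the shell functions below (an added example, not Quest or SAP code) compare the certificate's SHA-256 fingerprint with a value obtained out of band before importing, then re-check the stored entry. JRE_HOME, the function names and the expected-fingerprint argument are assumptions of this example.

```shell
#!/bin/sh
# Added example. JRE_HOME is an assumed variable pointing at the FglAM JRE
# directory that holds bin/keytool and lib/security/cacerts.
JRE_HOME="${JRE_HOME:-../jre}"
KEYTOOL="${KEYTOOL:-$JRE_HOME/bin/keytool}"
KEYSTORE="${KEYSTORE:-$JRE_HOME/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"   # store password used in the article's command

# Reduce a fingerprint to bare upper-case hex so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read keytool output on stdin and print the value of its first "SHA256:" line.
sha256_from_keytool() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_pinned CERT_FILE ALIAS EXPECTED_SHA256
# Imports only when the file's fingerprint equals the expected one.
# Returns 1 on mismatch, 2 if the import fails, 3 if the stored entry differs.
import_pinned() {
    cert=$1; name=$2; want=$(normalize_fp "$3")
    have=$("$KEYTOOL" -printcert -file "$cert" | sha256_from_keytool)
    have=$(normalize_fp "$have")
    if [ -z "$have" ] || [ "$have" != "$want" ]; then
        echo "refusing import: fingerprint missing or mismatched for $cert" >&2
        return 1
    fi
    "$KEYTOOL" -import -noprompt -alias "$name" -file "$cert" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" >&2 || return 2
    # Confirm the entry now stored under the alias is the certificate we pinned.
    stored=$("$KEYTOOL" -list -v -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$name" | sha256_from_keytool)
    [ "$(normalize_fp "$stored")" = "$want" ] || return 3
}

# Usage (placeholder values):
#   import_pinned /path/to/ase.crt myAseAlias 'AA:BB:...'
```

Restart the FglAM after a successful import if the agent still reports the PKIX error from the note above.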