Sybase - How to import certificates when there is a connection error for no certificates (4228637)

Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Sybase - How to import certificates when there is a connection error for no certificates
Description

When monitoring remote Sybase or SAP ASE databases in SSL mode, the Foglight Agent Manager (FglAM) must trust the database server's certificate. This requires importing the server certificate into the appropriate Java keystore used by the agent.
Cause

If the required certificate is not present in the keystore, the Sybase agent will fail to establish a secure connection, resulting in SSL handshake errors or login failures.
Resolution
1. Import the SSL Certificate

Use the keytool utility to import the ASE/RS SSL certificate into the FglAM Java keystore (cacerts):

Keystore Paths:
- Embedded FglAM: ../fms/jre/lib/security/cacerts
- External FglAM: ../fglam/jre/1.8.0.212/jre/lib/security/cacerts
Import Command:
```
../jre/bin/keytool -import -noprompt -rfc   -alias aliasName   -file /path/to/certificate   -keystore ../lib/security/cacerts   -storepass changeit
    
```
Verify Import:
```
../jre/bin/keytool -list -v   -keystore ../lib/security/cacerts   -alias aliasName
    
```
2. Enable SSL in Agent Properties
- Sybase_MDA Agent: Set Enable SSL (must enable SSL in FIPS Compliance mode) to true.
- Sybase_RS Agent: Set both:
  - Enable SSL for Replication Server
  - Enable SSL for RSSD
  to true.
3. Activate the Agents

After updating the agent properties, activate the agents to begin monitoring.

4. Restart FglAM if Errors Occur

If you encounter the following error, restart the FglAM:
```
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
    
```
If you see JZ00L: Login failed and SSL is enabled on the monitored ASE or RS server, confirm that all certificate import steps have been completed.

5. FIPS Mode: Add cryptoj.jar

When monitoring SAP servers in FIPS-compliant FMS:
- Copy cryptoj.jar from SAPHome\jConnect-16_0\classes
- Paste into fglamgents\DB_Sybase.9.7.10-xxxx\lib
- Restart FglAM
Defect ID

FOM-182
Additional Information
- Ensure the certificate file is in a supported format (e.g., .cer or .pem).
- Use meaningful aliases to identify certificates in the keystore.
- Restart the Agent Manager after importing certificates to apply changes.

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Sybase - How to import certificates when there is a connection error for no certificates (4228637)

Title

Description

Cause

Resolution

1. Import the SSL Certificate

Keystore Paths:

Import Command:

Verify Import:

2. Enable SSL in Agent Properties

3. Activate the Agents

4. Restart FglAM if Errors Occur

5. FIPS Mode: Add cryptoj.jar

Defect ID

Additional Information

Leave a Comment