Automic Workload Automation

  • 1.  One LDAP server but two environments, one certificate?

    Posted Jan 15, 2021 06:02 AM

    We have one LDAP server and we want to use it for PROD and TEST environments (two different environments).

    My question: Should the certificates for PROD and TEST be DIFFERENT or EQUAL? Note that we have different environments but one LDAP server.
    We suspect that the reason for the error below is that we need to use different certificates for different environments.

    Here is the error we get:
    20210114/100112.754 - 35     U00045033 Log on to LDAP server 'fmspdc031.ads.fms-sg.de:636' with user 'CN=inavpuyw,OU=Users,OU=IBM-ITIM-Managed,OU=IBM-Sovereign,DC=ads,DC=fms-sg,DC=de'.
    20210114/100112.768 - 35     U00045014 Exception 'javax.naming.CommunicationException: "fmspdc031.ads.fms-sg.de:636"' at 'com.sun.jndi.ldap.Connection.<init>():237'.
    20210114/100112.769 - 35     U00045015 The previous error was caused by 'javax.net.ssl.SSLException: "Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"' at 'sun.security.ssl.Alert.createSSLException():133'.
    20210114/100112.770 - 35     U00045015 The previous error was caused by 'java.lang.RuntimeException: "Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"' at 'sun.security.validator.PKIXValidator.<init>():102'.
    20210114/100112.770 - 35     U00045015 The previous error was caused by 'java.security.InvalidAlgorithmParameterException: "the trustAnchors parameter must be non-empty"' at 'java.security.cert.PKIXParameters.setTrustAnchors():200'.

    Thanks a lot for help

    Luis



  • 2.  RE: One LDAP server but two environments, one certificate?

    Posted Jan 18, 2021 01:27 PM

    Hi Luis,

    As you write about a certificate, I guess you are using Secure LDAP. Have you followed docs.automic.com to request the certificate from the LDAP server?

    This has to be done using the JWP of each Automic Automation Server where the Automation Engine and at least one JWP process are running.

    java -jar ucsrvjp.jar -installcert <host>:<sslport>

    Here is the link to the full description in the Automic Automation online documentation:

    https://docs.automic.com/documentation/webhelp/english/AA/12.3/DOCU/12.3/Automic%20Automation%20Guides/help.htm#Installation_Manual/AE/InstalltheAE_JWP.htm?Highlight=JWP

    Please also note that a certificate does have an expiration date. This is defined by the creator. When the certificate expires, you can't use it any more. However, this request can be automated to request an actual certificate. To do so, please define an OS Job (Windows/Unix/Generic) submitted on all OS Agents where the Automation Engine and at least one JWP are running, using the same "java -jar ucsrvjp.jar -installcert <host>:<sslport>" command.

    Hope this helps,
    Franz



    ------------------------------
    Senior Consultant
    Capture Europe
    ------------------------------
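
Added example (not from either poster or from Automic): a short Python triage of the log format shown in the question. It follows the "The previous error was caused by" chain to the innermost exception and maps it to what that exception says about the JVM truststore. The sample lines are constructed with a placeholder host and DN, and treating the number after the timestamp as a worker/thread id is an assumption.

```python
import re

# Constructed sample in the format of the log in the question (wrapped lines
# rejoined, host and bind DN replaced with placeholders).
SAMPLE_LOG = """\
20210114/100112.754 - 35     U00045033 Log on to LDAP server 'ldap.example.test:636' with user 'CN=svc,DC=example,DC=test'.
20210114/100112.768 - 35     U00045014 Exception 'javax.naming.CommunicationException: "ldap.example.test:636"' at 'com.sun.jndi.ldap.Connection.<init>():237'.
20210114/100112.769 - 35     U00045015 The previous error was caused by 'javax.net.ssl.SSLException: "Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"' at 'sun.security.ssl.Alert.createSSLException():133'.
20210114/100112.770 - 35     U00045015 The previous error was caused by 'java.security.InvalidAlgorithmParameterException: "the trustAnchors parameter must be non-empty"' at 'java.security.cert.PKIXParameters.setTrustAnchors():200'.
"""

LINE = re.compile(r"^(\d{8}/\d{6}\.\d{3}) - (\d+)\s+(U\d{8}) (.*)$")
CAUSE = re.compile(r"'([\w.$]+): \"(.*)\"' at '(.*)'\.$")
SERVER = re.compile(r"Log on to LDAP server '([^']+)'")
# Standard JSSE/PKIX failure texts and what each says about the truststore.
HINTS = [
    ("trustAnchors parameter must be non-empty", "truststore is empty or was not loaded: no CA is trusted at all"),
    ("PKIX path building failed", "truststore loaded, but the issuer of the server certificate is missing"),
    ("CertificateExpiredException", "a certificate in the chain is past its expiration date"),
]

def triage(log_text):
    """Return one finding per LDAP logon that ended in an exception chain."""
    attempts, findings = {}, []   # attempts: worker id (assumed) -> open attempt
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, worker, msgno, text = m.groups()
        if msgno == "U00045033":                      # a logon attempt starts
            srv = SERVER.search(text)
            attempts[worker] = {"server": srv.group(1) if srv else None, "chain": []}
            findings.append(attempts[worker])
        elif msgno in ("U00045014", "U00045015") and worker in attempts:
            c = CAUSE.search(text)
            if c:
                attempts[worker]["chain"].append((c.group(1), c.group(2)))
    out = []
    for a in findings:
        if a["chain"]:
            cls, msg = a["chain"][-1]                 # innermost cause is logged last
            hint = next((h for key, h in HINTS if key in cls + ": " + msg), "unclassified")
            out.append({"server": a["server"], "root_cause": cls, "depth": len(a["chain"]), "hint": hint})
    return out
```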