IBM Support

Importing custom reports from RRDI reports "ERROR: Unable to Communicate with the Reporting Server"

Troubleshooting


Problem

Attempts to import custom reports from IBM Rational Reporting & Development Intelligence (RRDI) into IBM Rational Team Concert (RTC) or Rational Quality Manager (RQM) result in ERROR: Unable to communicate with the IBM Rational Reporting Server.

Cause

This is an IBM WebSphere administration issue where the handshake between SSL Certificates is incomplete.

Diagnosing The Problem

You will see errors in the IBM WebSphere SystemOut.log for the Jazz Team Server (JTS) similar to the following:



Error 500: &#59; nested exception is:     javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.&#59; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=<Hostname>, OU=Root Certificate, OU=<Hostname><NodeName>OU=<ProfileName>Node0#, O=IBM, C=US is not trusted&#59; internal cause is:java.security.cert.CertPathValidatorException: Certificate chaining error

[mm/dd/yy 14:22:27:838 PST] 00000015 WSX509TrustMa E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=sjc04-host2cprd1.ibm.com, OU=abc-host1Node01Cell, OU=abc-host1Node01, O=IBM, C=US" was sent from target host:port "9.32.253.253:8880". The signer may need to be added to local trust store "/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/abc-jazzprod1Node01Cell/nodes/abc-jazzprod1Node01/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml". The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=abc-host2.ibm.com, OU=Root Certificate, OU=abc-host2Node01Cell, OU=abc-host2Node01, O=IBM, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error".


[mm/dd/yy 14:22:27:899 PST] 00000015 SystemOut O CWPKI0428I: The signer might need to be added to the local trust store. You can use the Retrieve from port option in the administrative console to retrieve the certificate and resolve the problem. If you determine that the request is trusted, complete the following steps: 1. Log into the administrative console. 2. Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations. 3. Select the appropriate outbound configuration to get to the (cell):abc-jazzprod1Node01Cell:(node):abc-jazzprod1Node01 management scope. 4. Under Related Items, click Key stores and certificates and click the NodeDefaultTrustStore key store. 5. Under Additional Properties, click Signer certificates and Retrieve From Port. 6. In the Host field, enter 9.32.253.253 in the host name field, enter 8880 in the Port field, and 9.32.253.253_cert in the Alias field. 7. Click Retrieve Signer Information. 8. Verify that the certificate information is for a certificate that you can trust. 9. Click Apply and Save.

Resolving The Problem

Follow the instructions provided in the SystemOut.log error message listed above and also noted here:


    The signer might need to be added to the local trust store. You can use the Retrieve from port option in the administrative console to retrieve the certificate and resolve the problem. If you determine that the request is trusted, complete the following steps:

    1. Log into the administrative console.

    2. Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations.

    3. Select the appropriate outbound configuration to get to the (cell):abc-jazzprod1Node01Cell:(node):abc-jazzprod1Node01 management scope.

    4. Under Related Items, click Key stores and certificates and click the NodeDefaultTrustStore key store.

    5. Under Additional Properties, click Signer certificates and Retrieve From Port.

    6. In the Host field, enter 9.32.253.253 in the host name field, enter 8880 in the Port field, and 9.32.253.253_cert in the Alias field.

    7. Click Retrieve Signer Information.

    8. Verify that the certificate information is for a certificate that you can trust.

    9. Click Apply and Save.

Leverage the Jazz Community

The Jazz based products have an active community that can provide you with additional resources. Browse and contribute to the User forums, contribute to the Team Blog and review the Team wiki.

Review technote 1319600: Leveraging the Jazz Community on Jazz.net for details.

[{"Product":{"code":"SSUVV6","label":"IBM Engineering Test Management"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"RRDI","Platform":[{"code":"PF033","label":"Windows"}],"Version":"2.0","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Product Synonym

Rational Quality Manager

Document Information

Modified date:
16 June 2018

UID

swg21655458

Page Feedback