Logged SSL Connection Errors
Certain issues can cause exceptions to appear in the logs when an SSL-enabled connection is attempted. The following list shows parts of log messages that indicate specific exceptions:
keyMaterial=null - The connection URI has not been added to the keychain (see
Setting up Security).
unknown_certificate (in the agent log) and
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: -
unable to find valid certification path to requested target (in the TMS log) - The agent is not using (or cannot find) its keystore (see
Setting up Security).
unknown_certificate (in the agent log) and
the counterpart is not ssl compliant (in the tms log) - The agent is not configured to use SSL (or not configured correctly). Confirm that SSL is set up as shown above.
unknown_certificate (in the TMS log) - Identity assertion (basic TMS security, or IA) is being used over SSL, but the IA URI has not been added to the keychain file. For example:
bin/keychain.sh ~/.tc/mgmt/keychain https://localhost:9443/tmc/api/assertIdentity
In addition, ensure that the TMS container is configured to use tms-keystore and tms-truststore (see
Setting up Security).