Troubleshooting Connectivity Issues
An SSL connection only succeeds when the client trusts the server. When we establish a connection over HTTPS, the web server responds by providing its site and intermediate certificates. It is then up to the client to complete the chain by having the root certificate. This chain validation is necessary for the client to trust the site. When the CertPathBuilderException, CertificateException, and SSLHandshakeException exceptions occur, you can try the following:
Set up a certificate and configure a proxy that
Software AG Update Manager uses to connect to your network.
Configure a trust store or certificate chain for
Update Manager to use when it establishes TLS/SSL communication.
Update Manager uses a dedicated JAVA_OPTIONS_SUM_V11 environment variable instead of using the JAVA_OPTIONS environment variable. This allows you to set the JAVA_OPTIONS_SUM_V11 environment variable globally and not interfere with other products/services/processes that use JAVA_OPTIONS.
Setting the JAVA_OPTIONS_SUM_V11 environment variable globally has no side effects and allows you to shadow or mask truststores, for example:
For *nix systems:
export JAVA_OPTIONS_SUM_V11="$JAVA_OPTIONS_SUM_V11 -Djavax.net.ssl.trustStore=<path_to_the_custom_proxy_truststore>"
For Windows systems:
set JAVA_OPTIONS_SUM_V11="$JAVA_OPTIONS_SUM_V11 -Djavax.net.ssl.trustStore=<path_to_the_custom_proxy_truststore>"
Important:
The keystore is only read when the JVM is initialized. Restart the source application service after importing new certificates.