Hi,
I did that from the very beginning. And using the command "keytool -list -rfc -keystore trust.jks", I can see that the web server certificate and the root certificate (we use internal CA) are both in the trust.jks file. Which means that the operator reconciles well.
But I am still getting the "unable to find valid certification path to requested target" error in the log when I try to add the WSDL from the web server. I am not sure how to increase the debugging for the SSL negotiation to find out exactly what is causing this problem.
------------------------------
ATANAS MATEV
------------------------------
Original Message:
Sent: Fri May 19, 2023 07:49 AM
From: Anup Reddy Mereddy
Subject: Problems adding external external to ICP4BA(starter pattern)
If I understand correctly, you are having an issue adding a signer certificate for your target resource (in your scenario it is the gmail smtp server). For this, create the secret for your certificate in the cp4ba namespace, specify the secret name under trusted_certificate_list:, and restart the ibm operator pod.
------------------------------
Anup Reddy Mereddy
Original Message:
Sent: Wed May 17, 2023 05:37 PM
From: ATANAS MATEV
Subject: Problems adding external external to ICP4BA(starter pattern)
Hi,
I am facing a similar issue but it is during discovery of new web service. I have the web server certificate added to the trust list in the custom resource of ICP4BA but I am getting the same error as yours. The web server certificate is in the trust.jks file (I checked using the keytool command). Did you manage to make any progress?
Thanks!
------------------------------
ATANAS MATEV
Original Message:
Sent: Fri May 05, 2023 01:29 AM
From: Lakshya Agarwal
Subject: Problems adding external external to ICP4BA(starter pattern)
Hello
I have been trying to send an email from a CSHS using the google smtp server in an ICP4BA environment on IBM Tech Zone. In the logs, I can see the errors below:
{"type":"liberty_message","host":"icp4adeploy-bastudio-deployment-0.icp4adeploy-bastudio-service-headless.cp4ba-starter.svc.cluster.local","ibm_userDir":"\/opt\/ibm\/wlp\/usr\/","ibm_serverName":"defaultServer","message":"CWPKI0823E: SSL HANDSHAKE FAILURE: A signer with SubjectDN [CN=smtp.gmail.com] was sent from the host [smtp.gmail.com:587]. The signer might need to be added to local trust store [\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/resources\/security\/trusts.jks], located in SSL configuration alias [defaultSSLConfig]. The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].","ibm_threadId":"00005c5d","ibm_datetime":"2023-05-05T05:21:15.165+0000","ibm_messageId":"CWPKI0823E","module":"com.ibm.ws.ssl.core.WSX509TrustManager","loglevel":"ERROR","ibm_sequence":"1683264075165_0000000005360","ext_appName":"IBM_BPM_Teamworks","ext_thread":"Default Executor-thread-447"}
I created a secret for the gmail smtp server and added the secret name to the trusted_certificate_list in the YAML of the IBM Cloud Pak for Business Automation (CP4BA) multi-pattern Operator, but I am still getting the same error.
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.2?topic=services-importing-certificate-external-service
Could someone suggest if something additional is needed to get this working?
Thanks
------------------------------
Lakshya Agarwal
------------------------------
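The CWPKI0823E record quoted above is a JSON-per-line Liberty log entry, so the missing signers can be pulled out of a pod log mechanically. The script below is an added example, not code from the thread or from IBM; it parses such lines, keeps only CWPKI0823E records, and reports which remote host presented which SubjectDN against which trust store and SSL alias, so the list can be compared against what is actually in trust.jks. The sample log lines are constructed to match the shape of the quoted record.

```python
import json
import re

# Constructed sample log: one unrelated AUDIT record plus one CWPKI0823E record
# shaped like the entry quoted in the thread (not real captured output).
SAMPLE_LOG = """\
{"type":"liberty_message","host":"bastudio-0.cp4ba.svc","message":"CWWKF0011I: The defaultServer server is ready to run a smarter planet.","ibm_messageId":"CWWKF0011I","loglevel":"AUDIT"}
{"type":"liberty_message","host":"bastudio-0.cp4ba.svc","ibm_datetime":"2023-05-05T05:21:15.165+0000","message":"CWPKI0823E: SSL HANDSHAKE FAILURE: A signer with SubjectDN [CN=smtp.gmail.com] was sent from the host [smtp.gmail.com:587]. The signer might need to be added to local trust store [/opt/ibm/wlp/usr/servers/defaultServer/resources/security/trusts.jks], located in SSL configuration alias [defaultSSLConfig]. The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].","ibm_messageId":"CWPKI0823E","loglevel":"ERROR"}
"""

# Field layout of the CWPKI0823E message text; the trailing reason is optional
# because not every variant of the message carries the extended error.
SIGNER_RE = re.compile(
    r"SubjectDN \[(?P<subject>[^\]]+)\] was sent from the host \[(?P<remote>[^\]]+)\]"
    r".*?trust store \[(?P<truststore>[^\]]+)\]"
    r".*?alias \[(?P<alias>[^\]]+)\]"
    r"(?:.*?exception is: \[(?P<reason>[^\]]+)\])?",
    re.S,
)


def parse_untrusted_signers(log_text):
    """Return one dict per CWPKI0823E record. Lines that are not JSON or are
    not CWPKI0823E are skipped rather than aborting the scan."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("ibm_messageId") != "CWPKI0823E":
            continue
        m = SIGNER_RE.search(rec.get("message", ""))
        if not m:
            continue
        finding = m.groupdict()
        finding["pod"] = rec.get("host", "")
        finding["time"] = rec.get("ibm_datetime", "")
        findings.append(finding)
    return findings


def summarize(findings):
    """Group by remote host so each missing signer DN is listed once per host."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f["remote"], set()).add(f["subject"])
    return {host: sorted(subjects) for host, subjects in by_host.items()}


if __name__ == "__main__":
    import sys
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()  # e.g. kubectl logs <pod> | python3 this.py
    for host, subjects in summarize(parse_untrusted_signers(text)).items():
        print(f"{host} -> {', '.join(subjects)}")
```

If the reported SubjectDN is a leaf server certificate issued by an internal CA, the trust store must also contain the CA chain that signed it; comparing this output with `keytool -list -rfc -keystore trust.jks` shows which link is absent.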