HP XP P9000 Performance Advisor Software v5.5 Install Guide (T1789-96339, February 2013)
1. On the HP XP P9000 Performance Advisor host agent, download the InstallCert program
from the following location: http://blogs.sun.com/andreas/resource/InstallCert.java . In case
the link does not open, you can use the following location: https://jira.springsource.org/
secure/attachment/13865/InstallCert.java
NOTE: JavaC is required to compile the InstallCert program on the host agent server. When
you compile the program, ensure that it is named as InstallCert.
2. Compile the downloaded java file using the following command:
<%JAVA_HOME%>\bin\javaC InstallCert.java
3. To retrieve the public key from the HP XP P9000 Performance Advisor management station
and create a keystore, type:
<%JAVA_HOME%>\bin\java InstallCert
<Fully_Qualified_Name_for_Management_Station>:443
Example of a DNS, abc.domain.company.net.
The following status messages appear while InstallCert creates the Keystore:
Loading KeyStore /opt/java6/jre/lib/security/cacerts...
Opening connection to abc.domain.company.net:443...
Starting SSL handshake...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.
java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
at InstallCert.main(InstallCert.java:87)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.
java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManager
Impl.java:209)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:182)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:967)... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.
java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)... 14 more
Server sent 1 certificate(s):
1 Subject CN=abc.domain.company.net, OU=DDD, O=LL, L=Bangalore, ST=Karnataka, C=IN
Issuer CN=abc.domain.company.net, OU=DDD, O=LL, L=Bangalore, ST=Karnataka, C=IN
sha1 8b 41 4e 8e 10 d8 6a e7 c1 e7 60 0c 7a 40 40 e3 dc d6 49 d9
md5 23 c0 60 52 56 e2 0b 6f 69 99 39 ff 6b 41 4e cd
4. When prompted to select the certificate to be added to the trusted keystore, look through the
list of certificates displayed and enter the serial number of the certificate you want to add. For
example, enter 1 if you want the first certificate in the list to be added to the trusted keystore.
If you do not want to proceed, type q to quit.
Unsigned approach 87