Certificate chaining error
During an LSF outage, we checked the latest logs and saw security_authen.log was updated. It showed a number of errors that a certificate was not trusted. We checked the trusted certificates and saw that the certificate and related certificates were all trusted. So why was the error returned?
Scroll further down the log list to ladb.log. You may see that there is a GEN failed message. Verify that the GEN database really is available by connecting to it directly with a database utility like SQL Studio. Then verify that the gen database connection info is correct in LAWDIR\gen\MICROSOFT. If you are using SERVICENAME to lookup the password, you may want to test commenting out the service name and including the id/password in the file and secure the file. Restart the server and test the portal.
SECURITY_AUTHEN.LOG
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=PKIROOT-01-CA is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:199)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:278)
at com.ibm.jsse2.util.f.a(f.java:14)
… 68 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
… 71 more
LADB.LOG
DBDataAreaFactory_1 Create of kind “GEN” failed.
java.lang.UnsatisfiedLinkError: com/lawson/rdtec
h/db/api/DBJni.jniTsDBConnect(I)Ljava/lang/Integer;
DBDataAreaFactory_1 Create of kind “GEN” failed.java.lang.UnsatisfiedLinkError: com/lawson/rdtech/db/api/DBJni.jniTsDBConnect(I)Ljava/lang/Integer;
MICROSOFT
#LAWGATENAME=msfdb2000
DBSERVER=lawdbserver
DBNAME=LAWGEN
#SERVICENAME=DBGEN
LOGINNAME=lawson
PASSWORD=lkaj7fde#%&hdsw
SCHEMA=dbo
FILEGROUPS=FALSE
#DEBUG=TRUE
PORTAL
