Consequences of Missing Certificates
Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) displays an error when a certificate is missing.
- Missing osdmc.jks or Customer Root CA in /opt/mce/conf/ssl

  If this trust store or the necessary customer CA certificates are missing, the Management Cloud Engine (MCE) will not be able to connect to Identity Cloud Service (IDCS) or Oracle SDM Cloud, resulting in errors such as:

      11/03 17:12:08.148 ERROR [com.oracle.mce.websocket.WebsocketRegistrationTask] - Method: [run] Thread: [Thread-2:20] Msg:[Failed to establish web socket connection with WSA. Reason: I/O error on POST request for "https://idcs-example.identity.oraclecloud.com/oauth2/v1/token": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Shutting down MCE...

- Missing AcpKeyAndCertStore in /opt/mce/transport/tls

  Without this file, the MCE may fail to connect to managed devices over TLS, generating errors such as:

      11/05 14:29:31.199 ERROR [com.oracle.mce.adaptor.sd.sbi.abstractNnoscdDeviceAdapter] - Method: [abstractDeviceAdapter] Thread: [WebSocketClient-SecureIO-2:32] Msg:[Failed to connect to device 10.0.0.1 via ACP. Got Exception Cannot connect to device 10.0.0.1. Failed to connect to primary device 10.0.0.1 ErrorCode:26001 Action: Please try again. If error reoccurs, contact your system administrator.]
      11/05 14:34:59.004 ERROR [com.oracle.mce.adaptor.sd.sbi.protocol.acp.ConnectionManagement] - Method: [createSocket] Thread: [WebSocketClient-SecureIO-1:31] Msg:[TLSSocket Factory error : 10.0.0.2:3001]
      com.acmepacket.ems.common.error.TLSSocketFactoryException: Cannot initialize TLSSSLSocketFactory: SSLContext was null
          at com.acmepacket.ems.common.transport.security.TLSSecureSocketFactory.<init>(TLSSecureSocketFactory.java:44)
          at com.oracle.mce.adaptor.sd.sbi.protocol.acp.ConnectionManagement.getNewSocket(ConnectionManagement.java:1278)
          at com.oracle.mce.adaptor.sd.sbi.protocol.acp.ConnectionManagement.createSocket(ConnectionManagement.java:823)
          at com.oracle.mce.adaptor.sd.sbi.protocol.acp.ConnectionManagement.createSocket(ConnectionManagement.java:768)
          at com.oracle.mce.adaptor.sd.sbi.protocol.acp.ACPManagementServerHandler.initialize(ACPManagementServerHandler.java:124)
          at com.oracle.mce.adaptor.sd.sbi.nnosc.NnoscDeviceAdapter.connectToDevice(NnoscDeviceAdapter.java:698)
          at com.oracle.mce.adaptor.sd.sbi.nnosc.NnoscDeviceAdapter.connectToDevice(NnoscDeviceAdapter.java:647)

Note:
If you continue to encounter SSL handshake issues when adding a device, and there are no certificate or TLS profile configuration errors, ensure that tls-global, session-caching is set to disabled, as session-caching can cause connectivity issues during the SSL handshake process.
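
The two failure modes above can be checked on the MCE host before and after a restart. The script below is an added example, not Oracle tooling: it verifies that both stores exist and maps the two error signatures quoted above to the store each one implicates. The `MCE_ROOT` override, the log path argument and the script name are assumptions.

```shell
#!/bin/sh
# Added example: checks the two stores this page names and maps the page's two
# log signatures to the store each one implicates. Paths under MCE_ROOT are from
# the page; the MCE_ROOT override and the log path argument are assumptions.
MCE_ROOT="${MCE_ROOT:-/opt/mce}"

# check_store FILE: 0 if FILE exists, is readable and is non-empty.
check_store() {
    if [ ! -e "$1" ]; then echo "MISSING    $1"; return 1; fi
    if [ ! -r "$1" ]; then echo "UNREADABLE $1"; return 1; fi
    if [ ! -s "$1" ]; then echo "EMPTY      $1"; return 1; fi
    echo "OK         $1"
}

# check_stores: returns a bitmask, 1 = trust store problem, 2 = ACP store problem.
check_stores() {
    rc=0
    check_store "$MCE_ROOT/conf/ssl/osdmc.jks" || rc=$((rc | 1))
    check_store "$MCE_ROOT/transport/tls/AcpKeyAndCertStore" || rc=$((rc | 2))
    return "$rc"
}

# triage_log LOGFILE: same bitmask, from the error signatures (4 = unreadable log).
triage_log() {
    [ -r "$1" ] || { echo "log not readable: $1"; return 4; }
    rc=0
    if grep -q 'PKIX path building failed' "$1"; then
        rc=$((rc | 1))
        if check_store "$MCE_ROOT/conf/ssl/osdmc.jks" >/dev/null; then
            echo "PKIX failure, osdmc.jks present: check the customer root CA in $MCE_ROOT/conf/ssl"
        else
            echo "PKIX failure: restore osdmc.jks in $MCE_ROOT/conf/ssl"
        fi
    fi
    if grep -q 'SSLContext was null' "$1"; then
        rc=$((rc | 2))
        echo "null SSLContext: check AcpKeyAndCertStore in $MCE_ROOT/transport/tls"
    fi
    return "$rc"
}

# Run as: sh mce_preflight.sh /path/to/mce.log   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    check_stores
    triage_log "$1"
fi
```

A PKIX error while `osdmc.jks` is present points at the customer CA certificates rather than the store file itself, which is the case the file check alone would miss.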