CimProbe error General SSLEngine problemIssue Discovery of a storage device fails due to error returned on the CimProbe. The error seen is: General SSLEngine problemCauseTo meet high security standards, the MID Server performs x.509 certificate validation on HTTPS traffic. If the certificate presented to the MID server is not found in the cacerts the connection will fail. The following error can be seen in the MID Server agent log: Worker-Interactive:CimProbe-<ecc_queue_sys_id> Worker starting: CimProbe source: <target_ip_address>I/O dispatcher 113 SEVERE *** ERROR *** CimIQL: ResponseMessageCallback: Failed on response message: <ip_address>javax.net.ssl.SSLHandshakeException: General SSLEngine problemat sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)at org.shaded.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:263)at org.shaded.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:301)at org.shaded.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:503)at org.shaded.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)at org.shaded.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)at org.shaded.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)at org.shaded.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)at org.shaded.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)at org.shaded.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)at org.shaded.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)at java.lang.Thread.run(Thread.java:748)Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problemat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)at java.security.AccessController.doPrivileged(Native Method)at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)at org.shaded.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:281)at org.shaded.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:339)... 9 moreCaused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)at sun.security.validator.Validator.validate(Validator.java:262)at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:327)at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:236)at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:113)at org.shaded.apache.http.conn.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:192)at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1113)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)... 17 moreCaused by: java.security.cert.CertPathBuilderException: Unable to find certificate chain.at org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi.engineBuild(Unknown Source)at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)... 25 more The important part from above is: Unable to find certificate chainResolutionSet MID server to debug SSL connectionsDetermine certificates which need to be importedImport certificates to the MID server cacerts store Set MID Server SSL Debug Navigate to <MID_Server_agent_folder>\conf\Open wrapper-override.confAdd parameter wrapper.java.additional.3=-Djavax.net.debug=ssl Restart the MID Server service Note: If wrapper.java.additional.3 is already in set, use a different value. For example wrapper.java.additional.4 Determine Certificates Once the MID Server is set to debug SSL, reproduce the issueNavigate to the MID Server logs folder and open the wrapper.logIn the log, search for "Certificate chain", the certificates used in the connection will be listed after this lineCertificates will be listed for multiple connections, we need to find the one which failedAfter the certificates, for the failed connection you will see error certificate_unknownThe certificates between "Certificate chain" and error "certificate_unknown" need to be imported to the cacerts Import Certificate Import a certificate into the MID Server's cacerts keystore, using command: keytool -import -alias <certificate alias> -file "<path to certificate>" -keystore "<path to the MID JRE>\lib\security\cacerts" For example, you might enter (note that "changeit" is the default password): keytool -import -alias MyCA -file "C:\myca.cer" -keystore "C:\Program Files\Java\jre1.8.0_161\lib\security\cacerts"