Nutanix Acropolis discovery error "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed"

SSL Handshake exception during Nutanix Acropolis discovery. Exception would be seen as below.

Exception occurred while executing operation Nutanix API Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
com.snc.sw.exception.ConfigurationException: Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.

Discovery would call Nutanix provided REST API to discover nutanix components. In order for this REST API calls to work, MID Server JRE should have proper Nutanix end point SSL certificates installed.

Various reasons for this error 

1. Missing SSL certificates
   • This could be due to first time nutanix acropolis discovery. Each mid server that is used for this discovery should have these SSL certificates installed.
2. Invalid SSL Certificates.
   • This could be due to downloading the SSL Certificates from incorrect Nutanix end point.
3. SSL certificates installed under incorrect JRE.
   • This could be due to having multiple JREs on a MID Server host and installing the certificates on a different JRE than what MID Server is using.

• Collect the certificates from your internal Nutanix team. Alternatively you can also collect the certificates by browsing your Nutanix prism console from Internet Explorer.
• Once you have the certificates, follow below documentation to add SSL certificates on to the right mid server installation.
  • https://docs.servicenow.com/csh?topicname=add-ssl-certificates.html&version=latest
• Once the certificates are installed, you can list the installed certificates using below keytool command. Search for the alias name of the certificate that is just installed.
  • • <MID Installation>/jre/bin/keytool -list -v -keystore <MID Installation>jre/lib/security/cacerts
    • If a prompt for a password is show, enter if you have any custom password or use the default password i.e "changeit" 

For more information on Nutanix Acropolis discovery, please refer below documentation. This is the latest release documentation as of this writing. Can refer appropriate release version for the latest information.

https://docs.servicenow.com/csh?topicname=nutanix-pattern.html&version=latest