Rubrik Integration Error
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
Hi everyone,
I’m working on integrating ServiceNow with Rubrik using the Service Graph Connector. The MID Server is online and validated, but the connection test continues to fail with the following error:
The current operation ended in state: ERROR. Detail: Request not sent to uri=https:/------.my.rubrik.com/api/graphql : org.apache.commons.httpclient.HttpException: Session contains no certificates - Untrusted
I believe this may be related to missing CA certificates or something needed from the Rubrik cluster side, but I’m not fully sure what certificate(s) should be provided or where exactly they need to be placed for MID Server trust.
Has anyone run into this with Rubrik before? What certificate(s) from the cluster are required and where should they be installed? Any guidance is appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
Hi Rose,
You are absolutely on the right track. The error Session contains no certificates - Untrusted confirms that the Java Runtime (JRE) used by the MID Server does not trust the SSL certificate issuer of your Rubrik endpoint.
To resolve this, you need to import the Rubrik Root CA (and potentially Intermediate CAs) into the MID Server's local TrustStore.
Here is the step-by-step procedure:
1. Export the Certificates
Open your Rubrik URL (https://...rubrik.com) in a browser (Chrome/Edge).
Click the Lock Icon in the address bar -> Connection is secure -> Certificate is valid.
Go to the Details or Certification Path tab.
Select the top-most certificate (The Root CA) and click Export.
Save it as Base64-encoded ASCII, single certificate (usually .cer or .pem).
Optional: If there is an Intermediate cert in the chain, export that one too.
2. Import into MID Server JRE The MID Server looks for trust in the cacerts file. You must use the keytool command to import your exported files there.
Log in to the host machine of your MID Server.
Open a Command Prompt (CMD) as Administrator.
Navigate to the MID Server JRE bin directory. It is typically found here: C:\ServiceNow\MidServer\agent\jre\bin (Path varies based on your install).
Run the following command (replace paths accordingly):
keytool -import -alias rubrik_root_ca -file "C:\Temp\rubrik_root.cer" -keystore "..\lib\security\cacerts" -storepass changeit
-file: The path to the certificate you downloaded in Step 1.
-keystore: The path to the cacerts file (usually in agent\jre\lib\security\cacerts).
-storepass: The default Java password is changeit.
3. Restart the MID Server This is the most important step. The MID Server only reads the TrustStore on startup. You must restart the Windows Service (or Linux daemon) for the changes to take effect.
Once restarted, try the connection test again. It should now pass.
If this response helps you achieve your requirement, please mark it as Accepted Solution.
This helps the community grow and assists others in finding valid answers faster.
Best regards,
Brandão
