Thanks for the answers Karthik,
Is the certificate self-signed by any chance on the Thycotic server?
Are you connecting via hostname or IP address to the server?
If you are using a self-signed certificate, would need to copy over the full chain onto the VA via the following steps:
-
Copy the PEM-encoded certificates to the /home/sailpoint/certificates directory. This directory might not be empty because it’s where the VA adds any certs it grabs from the source.
-
Restart CCG. You can use either of the following commands:
‘sudo systemctl restart ccg’ -
Watch the /home/sailpoint/log/ccg-start.log. If this is successful, import should log message.
Note: Above steps are essentially the same as defined when configuring TLS to Active Directory:
https://community.sailpoint.com/t5/IdentityNow-Connectors/TLS-Configuration-on-Virtual-Appliances/ta-p/74434#toc-hId-479772855
What is your VA configuration type, can you execute a curl command or any other troubleshooting commands and resolve the address to the server fine? Have you executed any of the openssl commands in the VA troubleshooting guide?
The getaddrinfo ENOTFOUND error, is an error you would see on the client side, where for instance name resolution of that server is not possible, so this could also be DNS related.
The next best step if all above has been performed is to verify connectivity using openssl via the Virtual Appliance, to test connectivity to the SCIM server and review the certificates(once copied over), please see the commands in the VA troubleshooting guide.
e.g.
openssl s_client --CAfile certificates/examplecer.pem -connect test.yourthycoticserver.com:443
openssl verify examplecer.pem
(above command assumes copied over the certificates to VA).