Search Engine: Elastic

Article ID: 131955, created on Dec 22, 2017, last review on Dec 22, 2017

  • Applies to:
  • Operations Automation 7.1
  • Operations Automation 7.2

Symptoms

  1. Periodic task Synchronize resource usage for APS application instance failed with error (Repeating several times for different res-IDs):

    Could not get resource usage for resource with UUID 'b33ab9c8-ec25-4fa9-baf7-6fde289e5b55': Could not invoke endpoint url 'https://h2-apshosting.home-whs.pl:443/hosting/context/b33ab9c8-ec25-4fa9-baf7-6fde289e5b55' of application instance with UUID 'fe2e44b2-5419-401a-8c62-975962634830'. Unauthorized access. Saved controller certificate and received are different. (Instance ID: fe2e44b2-5419-401a-8c62-975962634830)=====
    Array
    (.....
    
  2. Application Endpoint is deployed on Apache Shared host.

  3. Apache web server on Endpoint host is configured to use custom SSLCACertificateFile option.

Cause

During processing the task OA sends CA certificate of APS Controller to Application Endpoint. CA certificate of APS Controller must be accepted by Remote host during Server Key Exchange phase in Certificate Request block.

If remote server is configured to use custom CA certificate that it is not CA of APS Controller, client doesn't send Controller certificate during Client Key Exchange phase.

Resolution

In order to solve the issue it is required to add APS Controller certificate to Apache configuration on Endpoint Host by following steps:

  1. Change option SSLCACertificateFile to SSLCACertificatePath in /etc/httpd/conf.d/ssl.conf configuration file on Application endpoint. For example:

    # grep SSLCACertificatePath /etc/httpd/conf.d/ssl.conf
    SSLCACertificatePath /etc/pki/tls/certs/ca
    
  2. Create directory /etc/pki/tls/certs/ca if it does not exist:

    # mkdir -p /etc/pki/tls/certs/ca
    
  3. Copy existing CA certificate to /etc/pki/tls/certs/ca.

  4. Copy CA certificate of APS Controller from /usr/local/pem/APS/certificates/ca.pem on Core node to /etc/pki/tls/certs/ca on Endpoint Host.

  5. Save changes and restart the apache service:

    # service httpd restart
    
  6. Resubmit failed tasks.

31987597efff5a3a9ce779cc203bbe5e caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae 1941880841f714e458ae4dc3d9f3062d 8c199f0ee4305da1a577740620df4a51

Email subscription for changes to this article
Save as PDF