NES Server unable to connect to NAC over SSL

Article ID: 142786

Products

CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

We are facing an error with our NES, which records the error below:

ERROR (com.nolio.nimi.comm.impl.nettysupport.BasicHandler:57) - NimiConnectionImpl{remoteAddress=null, localAddress=null, connectionID=null, channel=null, closed=false, lastAccessedTime=1575248898128}:javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

Cause

A review of the logs shows the following error recorded:

2019-12-02 16:44:44,685 [http-nio-8443-exec-7] ERROR (org.apache.activemq.broker.BrokerService:598) - Failed to start Apache ActiveMQ ([brokerNesServer, null], java.lang.Exception: Cannot open the store.  It's schema version is not supported.)
2019-12-02 16:44:44,685 [http-nio-8443-exec-7] INFO  (org.apache.activemq.broker.BrokerService:741) - Apache ActiveMQ 5.10.0 (brokerNesServer, null) is shutting down
2019-12-02 16:44:44,685 [http-nio-8443-exec-7] INFO  (org.apache.activemq.broker.TransportConnector:294) - Connector ssl stopped

We can't determine the exact cause without reviewing and verifying the configuration setup for NES, as it may be related to corruption of data in LevelDB or to a missing or wrong SSL configuration. Follow the steps in the Resolution section to troubleshoot.

Environment

Release : 6.4, 6.5, 6.6 or higher

Component : CA RELEASE AUTOMATION RELEASE OPERATIONS CENTER

Resolution

Configuration Validation

Note: Refer to the section Secure Communications -> Secure Management Server to Execution Server Communication in the 6.4 Installation guide, and make sure no required configuration has been missed.

On NES:

    • Verify the keystore and truststore in use
      • In the conf/nimi_config.xml file, verify which keystore and truststore are in use for the NES. Look for the section shown below:

        <security>
            <enabled>true</enabled>
            <keystore>conf/custom-keystore.jks</keystore>
            <keystore_password>*******</keystore_password>
            <trust_store>conf/custom-truststore.jks</trust_store>
            <trustore_password>***************</trustore_password>
        </security>

    • Verify the following configuration files
      • RA_HOME\webapps\execution\WEB-INF\activemq-broker-nes.xml
      • RA_HOME\conf\catalina.properties
      • RA_HOME\conf\server.xml
    • Validate the respective entries in the keystore and truststore files
      • jre/bin/keytool -list -v -keystore conf/custom-keystore.jks > nes_keystore_listing.txt
      • jre/bin/keytool -list -v -keystore conf/custom-truststore.jks > nes_truststore_listing.txt

On NAC:

    • Validate the respective truststore entries in truststore files
      • jre/bin/keytool -list -v -keystore <NAC-Truststore-Path> > nac_truststore_listing.txt
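
One way to cross-check the listings produced above, as an added example that is not part of the original article or the product's own tooling: it parses `keytool -list -v` output and reports private-key entries in the NES keystore that have no matching trust anchor in the NAC truststore, a common reason for a peer to answer with certificate_unknown. It assumes English-locale keytool output and that the NES keystore entry is the certificate NAC has to trust; the DN and fingerprints in the sample data are constructed.

```python
def parse_listing(text):
    """Return one dict per certificate found in a `keytool -list -v` listing."""
    certs, alias, etype = [], None, None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if key == "Alias name":
            alias, etype = value, None
        elif key == "Entry type":
            etype = value
        elif key == "Owner":
            certs.append({"alias": alias, "type": etype, "owner": value})
        elif key == "Issuer" and certs:
            certs[-1]["issuer"] = value
        elif key == "SHA256" and certs:
            certs[-1]["sha256"] = value.upper()
    return certs

def untrusted_aliases(keystore_listing, truststore_listing):
    """Aliases of private-key entries with no trust anchor in the peer truststore."""
    anchors = parse_listing(truststore_listing)
    fingerprints = {c["sha256"] for c in anchors if "sha256" in c}
    owners = {c["owner"] for c in anchors}
    chains = {}
    for cert in parse_listing(keystore_listing):
        if cert["type"] == "PrivateKeyEntry":
            chains.setdefault(cert["alias"], []).append(cert)
    def anchored(cert):
        if cert.get("sha256") in fingerprints:
            return True  # this exact certificate is in the truststore
        # Heuristic: issuer DN matches a truststore entry (signature is not verified).
        # Skipped for self-signed certs, where a regenerated cert keeps the same DN.
        return cert.get("issuer") != cert["owner"] and cert.get("issuer") in owners
    return [a for a, chain in chains.items() if not any(anchored(c) for c in chain)]

def sample_entry(alias, etype, owner, issuer, byte):
    """Constructed listing fragment; the fingerprint is a repeated placeholder byte."""
    return (f"Alias name: {alias}\nEntry type: {etype}\nCertificate[1]:\n"
            f"Owner: {owner}\nIssuer: {issuer}\nCertificate fingerprints:\n"
            f"\t SHA256: {':'.join([byte] * 32)}\n\n")

NES_DN = "CN=nes.example.test"  # constructed name, not from the article
NES_KEYSTORE = sample_entry("nes", "PrivateKeyEntry", NES_DN, NES_DN, "AB")
STALE_TRUSTSTORE = sample_entry("nes", "trustedCertEntry", NES_DN, NES_DN, "CD")
GOOD_TRUSTSTORE = sample_entry("nes", "trustedCertEntry", NES_DN, NES_DN, "AB")

if __name__ == "__main__":
    print(untrusted_aliases(NES_KEYSTORE, STALE_TRUSTSTORE))  # ['nes']
    print(untrusted_aliases(NES_KEYSTORE, GOOD_TRUSTSTORE))   # []
```

To run it on real data, pass the contents of nes_keystore_listing.txt and nac_truststore_listing.txt to `untrusted_aliases`.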

 

 

Additional Information

Please refer to the 6.4 Installation and Administration guide.