UIM unable to upgrade secure robot

book

Article ID: 224856

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)

Issue/Introduction

Have successfully configured Secured Hub using Third party self signed certificate, with Primary Hub as Tunnel Client and Secondary Hub as Tunnel Server.

However not able to upgrade other robots, with failed proxy check below:

Sep 22 03:39:36:179 0 proxy_check: Determining if the hub is running locally
Sep 22 03:39:36:325 2 proxy_check: RAND wrote 1024 new random bytes to robot/rand.rnd
Sep 22 03:39:36:325 2 proxy_check: RAND snagged 1024 random bytes from robot/rand.rnd
Sep 22 03:39:36:325 2 proxy_check: RAND claims sufficient entropy for the PRNG
Sep 22 03:39:36:326 1 proxy_check: Using OpenSSL 1.0.2p  14 Aug 2018
Sep 22 03:39:36:326 1 proxy_check: (ssl_ctx_setup) ca location -> robot/certs/CA.pem
Sep 22 03:39:36:326 1 proxy_check: (ssl_ctx_setup) certificate -> robot/certs/sechub.pem
Sep 22 03:39:36:326 1 proxy_check: (ssl_ctx_setup) private key file -> robot/certs/sechub.key.pem
Sep 22 03:39:36:326 0 proxy_check: (proxy) setting max queued requests inbound: 112, outbound: 112
Sep 22 03:39:36:326 1 proxy_check: proxy setup: Looking for available proxy port starting from 48100
Sep 22 03:39:36:327 0 proxy_check: proxy setup: Using proxy port 127.0.0.1:48100
Sep 22 03:39:36:327 2 proxy_check: nimSessionServerStrict - host 127.0.0.1, port = 48100
Sep 22 03:39:36:327 2 proxy_check: sockServer - xxxxxxxxx:127.0.0.1/48100:fd=800
Sep 22 03:39:36:327 0 proxy_check: Sending get_info request to remote hub to verify proxy communications
Sep 22 03:39:36:369 1 proxy_check: (outbound proxy) Timeout or comm error waiting for reply. rc=-2
Sep 22 03:39:36:369 0 proxy_check: Failed to send message to hub

Environment

UIM 20.3.3

hub_secure 9.33SHF1

robot_update_secure 9.33SHF5

Resolution

Can see certificate errors in controller logs on target robot 

Sep 22 11:47:45:664 1 proxy_check: ssl_log_error - SSL error checking SSL object after connection
Sep 22 11:47:45:680 1 proxy_check: (proxy_ssl_connect) ssl_connect failed to xx.xx.xx.xx:48000 - rc : 50.
Sep 22 11:47:45:680 1 proxy_check: (outbound proxy) Could not connect to xx.xx.xx.xx on port 48000, addr=hub cmd=get_info
Sep 22 11:47:45:680 1 proxy_check: (outbound proxy) attempt=2 for cmd=get_info failed, trying again in 5ms
Sep 22 11:47:45:695 1 proxy_check: (ssl_verify_cert_hostname) - SSL certificate subjectAltName doesn't match given hostname(xxxxxx.local)
Sep 22 11:47:45:695 1 proxy_check: (ssl_verify_cert_hostname) - SSL certificate common name doesn't match given hostname(xxxxxx.local)
Sep 22 11:47:45:695 1 proxy_check: ssl_connect - Peer certificate: application verification failure
Sep 22 11:47:45:695 1 proxy_check: ssl_log_error - SSL error checking SSL object after connection
Sep 22 11:47:45:728 1 proxy_check: (proxy_ssl_connect) ssl_connect failed to xxx.xxx.xxx.xxx:48000 - rc : 50.
Sep 22 11:47:45:728 1 proxy_check: (outbound proxy) Could not connect to xxx.xxx.xxx.xxx on port 48000, addr=hub cmd=get_info
Sep 22 11:47:45:728 0 proxy_check: Failed to send message to hub

Ensure below is followed 

 

Alternatively can also can use wildcard certificates  

Additional Information

Manually Upgrade to Secure Hub and Robot

Attachments