ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

V21 - No connection to the following CPs | No subject alternative names present

book

Article ID: 226413

calendar_today

Updated On:

Products

CA Automic One Automation

Issue/Introduction

When attempting to connect to the AWI on version 21 where TLS is required, the following error shows in the AWI:

Connection to the AE system not possible. No connection to the following CPs could be established: [IP Adress]:8443

The AWI logs show the following:

2021-10-18 20:06:15,674 pool-1-thread-1        [DEBUG] NOLOGIN/- node0idhup65y46bawl6pqg7f52c70-0  +1 [com.uc4.ecc.backends.impl.dataservice.connection.ConnectionService] - Attempting to connect to Automation Engine at '[IP]:8443'...
2021-10-18 20:06:16,273 pool-1-thread-1        [DEBUG] NOLOGIN/- node0idhup65y46bawl6pqg7f52c70-0  +1 [com.uc4.ecc.backends.impl.dataservice.connection.ConnectionService] - Attempt to close connection made, but parameter is null.
2021-10-18 20:06:16,275 pool-1-thread-1        [DEBUG] NOLOGIN/- node0idhup65y46bawl6pqg7f52c70-0  +1 [com.uc4.ecc.backends.impl.dataservice.connection.ConnectionService] - Connection to Automation Engine failed at '[IP]:8443'.
java.util.concurrent.ExecutionException: java.io.IOException: Failed to connect to [IP]:8443
 at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
 at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:205)
 at com.uc4.ecc.backends.connection.ProductionConnectionFactory.open(ProductionConnectionFactory.java:97)
 at com.uc4.ecc.backends.connection.ProductionConnectionFactory.createConnection(ProductionConnectionFactory.java:48)
 at com.uc4.ecc.backends.Backend.createConnection(Backend.java:107)
 at com.uc4.ecc.backends.impl.dataservice.connection.ConnectionService.connect(ConnectionService.java:72)
 at com.uc4.ecc.backends.dataservice.connection.IConnectionService$pbryglu.connect(Unknown Source)
 at com.uc4.ecc.plugins.login.api.BaseAutomationEngineLoginBehaviour.initiateLogin(BaseAutomationEngineLoginBehaviour.java:63)
 at com.uc4.ecc.plugins.login.api.BaseAutomationEngineLoginBehaviour.initiateLogin(BaseAutomationEngineLoginBehaviour.java:40)
 at com.uc4.ecc.plugins.login.backend.LoginService.login(LoginService.java:100)
 at com.uc4.ecc.plugins.login.api.ILoginService$pbryglu.login(Unknown Source)
 at com.uc4.ecc.plugins.login.view.LoginDialogPresenter.performAutomationEngineLogin(LoginDialogPresenter.java:266)
 at com.uc4.ecc.plugins.login.view.LoginDialogPresenter.login(LoginDialogPresenter.java:231)
 at com.uc4.ecc.framework.core.async.BaseRequestCoordinator$1$1.call(BaseRequestCoordinator.java:237)
 at com.uc4.ecc.framework.core.pool.ContextAwareExecutorService$CallableImplementation.call(ContextAwareExecutorService.java:75)
 at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
 at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
 at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
 at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.io.IOException: Failed to connect to [IP]:8443
 at com.uc4.communication.WebSocketConnection.<init>(WebSocketConnection.java:235)
 at com.uc4.communication.Connection.<init>(Connection.java:52)
 at com.uc4.communication.Connection.open(Connection.java:160)
 at com.uc4.ecc.backends.connection.ProductionConnectionFactory$2.call(ProductionConnectionFactory.java:77)
 at com.uc4.ecc.backends.connection.ProductionConnectionFactory$2.call(ProductionConnectionFactory.java:68)
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
 ... 3 common frames omitted
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: No subject alternative names present
 at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
 at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096)
 at com.uc4.communication.WebSocketConnection.<init>(WebSocketConnection.java:214)
 ... 8 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names present
 at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
 at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
 at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
 at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
 at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
 at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
 at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
 at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:639)
 at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:164)
 at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:79)
 at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131)
 at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:169)
 at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
 at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
 at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540)
 at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395)
 at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
 at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
 at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
 at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
 at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
 ... 1 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative names present
 at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
 at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101)
 at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:452)
 at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:426)
 at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:292)
 at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
 ... 23 common frames omitted

Cause

This is caused by a mismatch between the keystore IP/DNS/FQDN and what is specified in the uc4config.xml file

Resolution

Have a security admin open the keystore and check the cn or common name assigned to the certificate/keystore.  At least one CN needs to match what is in the uc4config.xml file for the AWI.

For example if the cn is FQDN.automic.com and the uc4config.xml file shows:

<cp ip="##.##.###.###" port="8443"/>

These do not match.  Either the IP address, ##.##.###.###, must be added to the list of common names (an admin is needed for this), or the uc4config.xml file must be updated to use:

<cp ip="FQDN.automic.com" port="8443"/>

Attachments