In-place upgrade Autosys R12.1 installer creates 1024 bit cert for eem and fails with CAUAJM_E_112121 error, while all EEM certificates are already 2048 bit.
[CAUAJM_E_112121] An error occurred while authenticating the CA EEM server
with the certificate-based authentication.
The CA EEM certificate is configured with a certificate of length 1024.
AutoSys requires a key length of 2048 or higher. Therefore, modify the CA EEM
server certificate and re-launch the AutoSys installer..
Upgrading to 12.1 on Linux
Validated the checksum of 12.1 linux iso and confirmed that it was fine as per the documentation.
Thee EEM keysize is reported as 1024 by installler
2023-01-03 18:06:16,337 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(171) - EmbIAMProvider - About to authenticate With certificates
2023-01-03 18:06:16,386 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(173) - EmbIAMProvider - Authenticated With certificates
2023-01-03 18:06:16,387 [main] DEBUG com.ca.wla.ae.installer.eem.AeEEMUtils(98) - Retain for future use
2023-01-03 18:06:16,388 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(272) - checkEemVersion() - Begin
2023-01-03 18:06:16,389 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(274) - Check EEM Version
2023-01-03 18:06:16,390 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(217) - Is attached=false
2023-01-03 18:06:16,392 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(231) - Creating a new attach with applicationName=null
2023-01-03 18:06:16,392 [main] DEBUG com.ca.wla.ae.installer.eem.EEMUtils(232) - [email protected]
2023-01-03 18:06:16,405 [main] WARN com.ca.wla.ae.installer.eem.EEMUtils(245) - Encountered AssertionError: org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to use RSA key with non-approved size: 1024: RSA
autosys_secure shows the following servers as EEM
CAUAJM_I_60228 CA EEM server: XXXXXX1111.ABC.COM,YYYYYYYYY22222.ABC.COM
CAUAJM_I_60342 Unauthenticated user mode: OFF
Followed the knowledge article Upgrade the keysize of EEM certificates and found that keysize on EEM was 2048.
The temp.key created by the installer inn /temp is shown as 1024.
$ openssl x509 -in temp.key -text -noout | grep "Public-Key"; Public-Key: (1024 bit)
Release : 12.1
The random number generation was slow
Installed rngd on both the scheduler servers and EEM servers
In the EEM server, iAuthority.iTechSDK.xml in the iTechnology folder was owned by the root while all the other files were owned by autosys.
Since the igateway was running as autosys it could not access the iAuthority.iTechSDK.xml and used the default values to create the certificate.
After Changing the ownership of $IGW_LOC/iAuthority.iTechSDK.xml to autosys:autosys and restarting the gateway the temp.key was created with 2048 key length