Unable to get to console after upgrading
Article ID: 264362
Updated On:
Products
Issue/Introduction
After upgrading NetOps Portal, we are unable to connect; getting the following error
URI:/STATUS:400MESSAGE:Invalid SNISERVLET:-CAUSED BY:org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
Caused by:
Environment
Dx NetOps Performance Management
Cause
SNI check fails due the fact that the HTTPS certificate doesn't have a SubjectAlternateName that matched Web Site Host or Web Service Host; in SsoConfig
The general rule is: If it is not in the SAN, you cannot call the server by it.
Resolution
Launch SsoConfig
a. Open a terminal session on the NetOps Portal host (as root or with the sudo command).
b. Launch SsoConfig by running the ./SsoConfig command in the <installation_directory> directory
- installation_directory
The default installation directory for NetOps Portal. Default: /opt/CA/PerformanceCenter
c. Choose 1. DX NetOps > 3. Performance Center > 1. Remote Value
.... and update Web Site Host and Web Service Host to a name that is listed in the SSL cert, under "SubjectAlternateName"
To check the SubjectAlternativeName you could run: /opt/CA/jre/bin/keytool -printcertreq -file <filename>.csr
Or
Create a new keystore and new self signed cert to match what is set in SsoConfig for Web Site Host and Web Service Host
Additional Information
1) The san should contain the system hostname, as well as anyway the system will be accessed (shortname, fqdn, in your case, external name, IP)
2) The SSO Web Service Host SHOULD be the internal Portal machine always.
3) The SSO Web Site Host SHOULD be the external Portal machine name, that you want in URLs like email reports/notifications/etc.
Feedback
