DX Platform - AIOpsManagement.sh reports that our X.509 cert is not trusted by cacerts

search cancel

DX Platform - AIOpsManagement.sh reports that our X.509 cert is not trusted by cacerts

book

Article ID: 276327

calendar_today

Updated On:

Products

DX Operational Intelligence

Issue/Introduction

AIopsManagement.sh reports that our X.509 cert is not trusted by cacerts as below:

...

Please provide the corresponding .key file for securing URLs:
Currently configured certificate chain contains trust links:
....
It is NOT trusted with cacerts

Environment

DX Platform 2x

Cause

The crt used during the installation included only the certificate of the loadbalancer so the Ingress had not been configured with the complete certificate chain.

You could validate this condition from the Client browser

Resolution

Add CA root certificate as part of the secret

1) Concatenate loadbalancer and CA root certificates

2) Updated secrets with below commands:

./AIOpsManagement.sh --update --dry-run

cd <AOPs-HOME>/files/meta.import/install/

kubectl -f -n <ns> core-tls-secret.yml

3) From the Client browser, check that you can see the complete certificate chain

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-platform-on-premise/23-3/installing/reference-information/DX-Platform-Flags.html

Feedback

thumb_up Yes

thumb_down No