Spring Cloud Services SSL Certificate Error

Article ID: 292939

Products

VMware Spring Runtime

Issue/Introduction

Symptoms:

The SSL/TLS certificate errors look like the following:

Missing certs:p-spring-cloud-services.login.your-domain.com:443 - exiting install.

Or

*******ERROR******** The certificate for //p-spring-cloud-services.login.your-domain.com DOES NOT have a matching Subject Alternative Name or Common Name
 

Environment


Cause

You must use one single certificate that contains all of the required Subject Alternative Names (SANs).

That includes all of the domains listed below, replacing SYSTEM_DOMAIN.TLD with your system domain, and APPLICATION_DOMAIN.TLD with your application domain:

  • *.SYSTEM_DOMAIN.TLD
  • *.APPLICATION_DOMAIN.TLD
  • *.login.SYSTEM_DOMAIN.TLD
  • *.uaa.SYSTEM_DOMAIN.TLD

If any of the above are missing from your SSL certificate, you will receive errors similar to those above in your installation log file.

Resolution

  1. Check that the certificates deployed to your load balancer are correct and contain all the SANs listed above.

    Use the following command to print the certificate presented by the load balancer, replacing <SYSTEM-DOMAIN> with your FQDN.

    openssl s_client -showcerts -connect api.<SYSTEM-DOMAIN>:443 < /dev/null | openssl x509 -noout -text

    If your certificate is missing one of the domains listed above, you will need to correct the certificate and have the new certificate installed on your load balancer before you can continue.

  2. If you install version 1.3 or later of SCS, there is an additional option in the menu that allows you to ignore certificate errors.

    • Click "Do not validate that SSL certificates are properly configured"
    • Save and Apply Changes.
    • Broadcom does not recommend you use this option; it is provided as a workaround for testing purposes. Bypassing SSL will not resolve the problem. Certificates need to be correctly set up or SCS will not function properly.
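
The SAN check from step 1, as an added shell example (not part of the original article or Broadcom's tooling): it parses `openssl x509 -noout -text` output, lists which of the four required wildcard entries are missing, and tests whether a given hostname is covered. The function names and the `example.com` domains are assumptions made for illustration; a wildcard matches exactly one label, which is why `*.SYSTEM_DOMAIN.TLD` alone does not cover hosts under `login.` or `uaa.`.

```sh
#!/bin/sh
# Added example, not from the original article. Domains are constructed placeholders.

# Print one DNS SAN per line from `openssl x509 -noout -text` output on stdin.
cert_sans() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '[:upper:]' '[:lower:]'
}

# Succeed if host $1 is covered by SAN list $2 (one entry per line).
# A wildcard stands for exactly one leftmost label, so *.sys.example.com
# does not cover p-spring-cloud-services.login.sys.example.com.
host_covered() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    wild="*.${host#*.}"
    printf '%s\n' "$2" | grep -Fxq -e "$host" -e "$wild"
}

# Print each required wildcard entry that is absent from SAN list $3.
# $1 = system domain, $2 = application domain (pass both in lowercase).
missing_sans() {
    for req in "*.$1" "*.$2" "*.login.$1" "*.uaa.$1"; do
        printf '%s\n' "$3" | grep -Fxq -e "$req" || printf '%s\n' "$req"
    done
}

# Constructed sample: certificate text lacking the *.login and *.uaa entries.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.sys.example.com, DNS:*.apps.example.com
            X509v3 Key Usage: critical'

# Live use, with the article's command feeding the parser:
#   sans=$(openssl s_client -showcerts -connect api.<SYSTEM-DOMAIN>:443 </dev/null |
#          openssl x509 -noout -text | cert_sans)
#   missing_sans <SYSTEM-DOMAIN> <APPLICATION-DOMAIN> "$sans"
```

Empty output from `missing_sans` means all four required entries are present in the certificate the load balancer serves.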