Symptoms:
This article is applicable when you observe the following symptoms:
- After clicking on the GO TO LOGIN PAGE button on the homepage of your vRealize Automation 8.0 instance, the vRealize Automation appliance attempts to redirect to the vIDM login, but instead displays a blank page with the words Bad Gateway.
- The certificate for VMware Identity Manager (vIDM) was updated after vRealize Automation 8.0 was deployed, either through Lifecycle Manager, or from the vIDM management interface.
To view the logs for the
identity-service-app pod on the vRealize Automation appliance:
- Run the following command to get the pod name
kubectl get pods -n prelude | grep identity-service-app
- Run the following command to get the logs from the pod (specific pod name will be different)
kubectl logs identity-service-app-7fd98994ff-6z4n4 -n prelude
- You may see entries similar to these (where [vIDM_FQDN] and [vIDM_IP] are the FQDN and IP address of your vIDM instance):
2019-11-29 22:58:18.681+0000 WARN 29 --- [ctor-http-nio-2] r.netty.http.client.HttpClientConnect : [id: 0x1676876c, L:/10.244.0.57:46894 ! R:[vIDM_FQDN]/[vIDM_IP]:443] The connection observed an error
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_221]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target