Loading the SSL root certificate /var/vmware/vpostgres/current/.postgresql/root.crt into a TrustManager failed

Article ID: 325882

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Cluster status reports the following error when logged into the virtual appliance management interface (VAMI):
2019-12-07T14:21:43.425054+00:00 localhost org.springframework.transaction.CannotCreateTransactionException: Could not open JDBC Connection for transaction; nested exception is org.postgresql.util.PSQLException: Loading the SSL root certificate /var/vmware/vpostgres/current/.postgresql/root.crt into a TrustManager failed.
  • The following error is printed on the cluster tab:
Database on node <node_name> is in an inconsistent state!
  • Attempting to parse the root.crt file reports an error:
[master] node_name:/storage/db # cat root.crt
Failure: Internal server error.


Environment

VMware vRealize Automation 7.x

Cause

This issue occurs when the /storage/db/root.crt file is corrupted.

 

Resolution

  1. Create a backup of the corrupted file before making any changes on the node with the corrupted certificate:

mv /storage/db/root.crt /storage/db/root.crt.BAK

  2. Once complete, use SCP to copy an uncorrupted certificate from one of the other nodes to the affected node, then set the proper permissions and ownership. Run the following commands on the node with the corrupted certificate:
scp root@<fqdn-of-good-node>:/storage/db/root.crt /storage/db/root.crt
chown postgres:users /storage/db/root.crt
chmod 644 /storage/db/root.crt
  3. Restart the Postgres service so it can pick up the correct certificate:
service vpostgres restart
  4. Review the vcac-config.log for an entry similar to the one below, confirming that the database node in question is repairing:
current node is repairing ...Already performing a failover or repair operation, repairing (true), clusterDataOperator repairing (true)!
  5. Confirm the errors are now gone within the cluster tab of the VAMI.
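
An optional check to run after the copy, chown and chmod commands and before the vpostgres restart, confirming that the replacement root.crt is intact. This is an added example, not part of the original article or a VMware tool: check_root_crt is a hypothetical helper, it assumes openssl and GNU stat are available on the appliance, and the optional expected fingerprint is assumed to have been taken with the same openssl x509 command on the known-good node.

```shell
#!/bin/sh
# Added example: verify a replaced root.crt before restarting vpostgres.
# check_root_crt is a hypothetical helper, not a VMware tool.
# Return codes: 0 ok, 1 missing/empty, 2 not parseable as X.509,
#               3 fingerprint mismatch, 4 wrong owner or mode.
check_root_crt() {
    crt=$1; want_owner=$2; want_mode=$3; want_fp=${4:-}

    # A zero-length or absent file is the simplest form of corruption.
    [ -s "$crt" ] || { echo "FAIL: $crt is missing or empty" >&2; return 1; }

    # Parse the first certificate in the file; a damaged PEM makes openssl fail.
    fp=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 2>/dev/null) || {
        echo "FAIL: $crt does not parse as an X.509 certificate" >&2; return 2; }
    fp=${fp#*=}   # strip the "sha256 Fingerprint=" prefix

    # Optional: compare with the fingerprint taken on the known-good node.
    if [ -n "$want_fp" ] && [ "$fp" != "$want_fp" ]; then
        echo "FAIL: fingerprint $fp does not match expected $want_fp" >&2
        return 3
    fi

    # Ownership and mode must match what the procedure sets (GNU stat syntax).
    owner=$(stat -c '%U:%G' "$crt"); mode=$(stat -c '%a' "$crt")
    if [ "$owner" != "$want_owner" ] || [ "$mode" != "$want_mode" ]; then
        echo "FAIL: $crt is $owner mode $mode, expected $want_owner mode $want_mode" >&2
        return 4
    fi
    echo "OK: $crt sha256=$fp"
}

# Check the appliance path only when asked: sh check_root_crt.sh --run [fingerprint]
if [ "${1:-}" = "--run" ]; then
    check_root_crt /storage/db/root.crt postgres:users 644 "${2:-}"
fi
```

A non-zero return code means the file should be fixed before the service is restarted; the original remains available as /storage/db/root.crt.BAK.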