Java based agent certificates reported expired 1 day before the actual expiry
Article ID: 377680
Updated On:
Products
Issue/Introduction
On AE systems using either LOCAL or LOCAL_REMOTE as authentication methods for their agents, certificates of Java-based Agents can expire prematurely. Certificate validity parameters as set in UC_AGENT_TLS_SETTINGS were not considered.
AGENT_CERTIFICATE_VALIDITY_DAYS and AGENT_CERTIFICATE_END_SPREAD were not taken in account, the certificate had not been renewed and the agents stopped working
This message may appear in the agent log file:
20240701/130516.605 - U02000297 Agent doesn't have valid certificate, requesting new one from server.
Environment
Agent Windows and Linux Java 21.0.x
Cause
This is a bug that affects Java-based agents prior to 21.0.10.
Technical aspects:
An issue has been solved where the renewal of the agent certificate failed with LOCAL and LOCAL_REMOTE authentication in Java based agents.
The agent log file contains the message "U02000297 Agent doesn't have valid certificate, requesting new one from server." followed by the error message "U02012081 The path 'package.txt' to the initial package is invalid". The agent stayed a reconnect loop and was not able to log on to the Automation Engine.
Workaround:
Set INITIALPACKAGE to an empty value in the INI file.
Change "INITIALPACKAGE=package.txt" to "INITIALPACKAGE="
Resolution
This bug has been fixed in the Java-based agents released in 21.0.10.
Java-based Agents should be updated to this version if the system is running an authentication method different from NO.
Additional Information
Bug ID: AE-35246
Bug Title: U02000296 Agent certificate has expired, a new one is requested.
Feedback
