Wildcard certificate not working in DX NetOps CA Performance Management (CAPM) Portal SSL configuration issue

Article ID: 378605

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

After deploying a wildcard certificate for the domain the NetOps Portal server is configured in, the Console doesn't start and HTTP 400 SNI errors are observed in the PCService.log.

Configuring SSL using SslConfig works fine with a self-signed certificate, and the console starts. With a wildcard certificate issued by a Certificate Authority (CA), the console does not start, and no error is raised to suggest the certificate is invalid. However, the following bad padding exception is generated in the PCService.log:

 

INFO | jvm 1  | 2024/09/24 01:01:52 | ERROR | WrapperSimpleAppMain     | 2024-09-24 01:01:52,662 | com.ca.im.security.Encryption                                    
INFO | jvm 1  | 2024/09/24 01:01:52 |       | Error performing encryption operation
INFO | jvm 1  | 2024/09/24 01:01:52 | javax.crypto.BadPaddingException: Error closing stream: 
INFO | jvm 1  | 2024/09/24 01:01:52 |       at org.bouncycastle.jcajce.provider.BaseCipher.engineDoFinal(Unknown Source) ~[bc-fips-1.0.2.3.jar:1.0.2.3]

Environment

DX NetOps CAPM all currently supported releases

Cause

The EM DB doesn't have the HTTPS changes, and the DM logs show the following:

INFO | jvm 1 | 2024/09/10 11:36:23 | 2024-09-10 11:36:23.792:WARN:oejs.HttpChannel:qtp1506660594-20: handleException /dm/rib/ org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI

The dm.properties file contains the following:

pc.url=https://netops-portal:8182/pc/center/

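The hostname in this URL needs to be the FQHN, even when using wildcard certificates. A wildcard certificate such as *.yourdomain.com only matches names under that domain, so the short name netops-portal does not match it and Jetty rejects the request with "400: Invalid SNI".

The same issue is present in em.properties: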

dm.url=https://netops-portal:8482/dm/
# Default EM URL
em.url=https://netops-portal:8282/EventManager/

and in the Console's portal.console.properties:

dm.url=https://netops-portal:8482/dm/
em.url=https://netops-portal:8282/EventManager/

When SSL is set up using SslConfig and the FQHN is not asked for, the OS is not returning the FQHN when the setup requests it, so the setup gets the short name and uses it in these properties files. As a result, inter-service communication produces SNI errors.

Resolution

Edit the four properties files to use the FQHN of the Portal server and check whether that resolves the issue. These files are:

<PC_Install_dir>/PC/webapps/pc/WEB-INF/cfg/portal.console.properties
<PC_Install_dir>/DM/webapps/dm/WEB-INF/dm.properties
<PC_Install_dir>/sso/webapps/sso/WEB-INF/sso.properties
<PC_Install_dir>/EM/webapps/em/WEB-INF/em.properties

Wherever the hostname of the portal server appears in these four files, change it to the Fully Qualified Host Name (FQHN). For example, change:

dm.url=https://netops-portal:8482/dm/

to

dm.url=https://netops-portal.yourdomain.com:8482/dm/

Then restart the services.
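
To confirm that no short hostnames remain before restarting, the following added example (not part of the original article and not vendor tooling) scans the four files for http(s) URL properties whose host contains no dot. It assumes plain key=value properties lines; the function names are hypothetical, and the install directory (the article's <PC_Install_dir> placeholder) is passed as an argument.

```sh
#!/bin/sh
# Added example, not vendor tooling. Assumes simple key=value properties lines.

# Print "file:line:text" for every property whose value is an http(s) URL
# with a host that contains no dot (a short name instead of an FQHN).
find_short_host_urls() {
  awk '
    BEGIN { scheme = "^[ \t]*https?://" }
    /^[ \t]*[#!]/ { next }                    # skip comment lines
    {
      eq = index($0, "=")
      if (eq == 0) next                       # not a key=value line
      host = substr($0, eq + 1)
      if (host !~ scheme) next                # value is not a URL
      sub(scheme, "", host)                   # drop the scheme
      if (substr(host, 1, 1) == "[") next     # IPv6 literal, not a hostname
      sub("[:/].*$", "", host)                # drop port and path
      if (host != "" && index(host, ".") == 0)
        printf "%s:%d:%s\n", FILENAME, FNR, $0
    }
  ' "$@"
}

# Check the four files named in the Resolution.
# $1 is the install directory (the article's <PC_Install_dir> placeholder).
check_portal_properties() {
  find_short_host_urls \
    "$1/PC/webapps/pc/WEB-INF/cfg/portal.console.properties" \
    "$1/DM/webapps/dm/WEB-INF/dm.properties" \
    "$1/sso/webapps/sso/WEB-INF/sso.properties" \
    "$1/EM/webapps/em/WEB-INF/em.properties"
}

# Usage: check_portal_properties /path/to/PC_Install_dir
```

Empty output means every URL property in the four files already uses a dotted hostname; each printed line identifies a property that still needs the FQHN.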