After cert renewal linux agent throws TLS-handshake/337047686(certificate verify failed)

Article ID: 380077

Products

CA Automic Workload Automation - Automation Engine
CA Automic One Automation

Issue/Introduction

The Linux agent will not start after the certificate in the JCP's keystore is renewed. The main error shown is:

U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed)'.

 

The rest of the log shows something like this:

20241008/135815.506 - U02000072 Connection to system 'AUTOMIC' initiated.
20241008/135815.506 - U02000379 Initiating connection to server 'AUTOMIC' using WebSocket URI: 'jcp_server:8443/agent'.
20241008/135815.549 - U02000377 Certificate loaded from file '/etc/pki/tls/certs/ca-bundle.crt'.
20241008/135815.549 - U02000378 Loading certificates from directory: './trustedcert'.
20241008/135815.549 - U02000377 Certificate loaded from file './trustedcert/automic_AUTOMIC.cer'.
20241008/135815.549 - U02000398 Loading certificates from the directory './security' that is specified in the parameter'AgentSecurityFolder'.\
20241008/135815.549 - U02000377 Certificate loaded from file './security/AGENTNAME.pem'.
20241008/135815.553 - U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed)'.
20241008/135815.554 - U02000010 Connection to Server 'AUTOMIC/JCP_IP:8443' terminated.
20241008/135815.554 - U02000072 Connection to system 'AUTOMIC' initiated.
20241008/135815.554 - U02000379 Initiating connection to server 'AUTOMIC' using WebSocket URI: 'jcphost:8443/agent'.
20241008/135815.600 - U02000313 Communication error with partner '*SERVER', error: 'connect/(resolve: Host not found (authoritative))'.
20241008/135815.600 - U02000010 Connection to Server 'AUTOMIC/unknown' terminated.
20241008/135815.600 - U02000074 Connecting to system 'AUTOMIC' is not possible.
20241008/135815.601 - U02003073 Agent Prozess 'AGENT,PID=314645' shutdown has been initiated.
20241008/135815.601 - U02000041 Shutdown Agent 'AGENTNAME'.
20241008/135815.601 - U02000002 Agent 'AGENTNAME' version '21.0.2+build.31' ended abnormally.

Environment

version: 21.0, 24.x

Resolution

  • Make sure the full updated certificate chain (root and intermediate, if applicable) is in the SSL_CERT_DIR folder or SSL_CERT_FILE file.
  • Update the agent to the latest version (like 21.0.15 or 24.4.2)
  • Reset the agent public key from the AWI

  • If necessary, have your security team export the full certificate chain from the keystore the JCP uses.  Then place the certificate (chain) file into a folder on the agent and update the following two parameters in the agent ini file:

    trustedCertFolder=[full path to the FOLDER where the certificate chain is]
    trustedCertFolderOnly=1

    Restart the agent
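
Both the first and the last item above depend on whether the certificates the agent trusts can verify the JCP's renewed certificate. The shell function below is an added example (not part of the original article or the product) that runs this check with the openssl CLI before the agent is restarted; it assumes PEM-encoded files, and `check_chain` and `jcp_leaf.pem` are hypothetical names.

```shell
#!/bin/sh
# Added example: can the certificates in a trust folder verify the JCP's cert?
# Assumes PEM-encoded files and the openssl CLI; check_chain is a hypothetical name.
#
# Capture the certificate the JCP presents (host:port as seen in the agent log):
#   openssl s_client -connect jcp_server:8443 </dev/null 2>/dev/null \
#     | openssl x509 -outform PEM > jcp_leaf.pem

# check_chain TRUST_FOLDER LEAF_PEM [INTERMEDIATES_PEM]
# Returns 0 = chain verifies, 1 = verification failed, 2 = bad input.
check_chain() {
    folder=$1; leaf=$2; inter=${3:-}
    [ -d "$folder" ] || { echo "not a directory: $folder" >&2; return 2; }
    [ -r "$leaf" ] || { echo "cannot read: $leaf" >&2; return 2; }

    bundle=$(mktemp) || return 2
    # Build one CA bundle from every PEM certificate file in the folder.
    for f in "$folder"/*; do
        if [ -f "$f" ] && grep -q 'BEGIN CERTIFICATE' "$f"; then
            cat "$f" >> "$bundle"; echo >> "$bundle"
        fi
    done
    if [ ! -s "$bundle" ]; then
        echo "no PEM certificates found in $folder" >&2
        rm -f "$bundle"; return 2
    fi

    # Show who issued the leaf, so a missing issuer is easy to spot.
    openssl x509 -in "$leaf" -noout -subject -issuer -enddate \
        || { rm -f "$bundle"; return 2; }

    # -no-CApath: do not fall back to the system default CA directory.
    set -- -no-CApath -CAfile "$bundle"
    if [ -n "$inter" ]; then set -- "$@" -untrusted "$inter"; fi
    if openssl verify "$@" "$leaf"; then rc=0; else rc=1; fi
    rm -f "$bundle"
    return "$rc"
}
```

A return value of 1 for the folder named in `trustedCertFolder` means the renewed certificate's issuer is not among the files there, which matches the `certificate verify failed` condition in the log.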