After cert renewal linux agent throws TLS-handshake/337047686(certificate verify failed)
search cancel

After cert renewal linux agent throws TLS-handshake/337047686(certificate verify failed)

book

Article ID: 380077

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine CA Automic One Automation

Issue/Introduction

Linux agent will not start after a renewal of the certificate in the JCP's keystore.  The main error shown is:

U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed)'.

 

The rest of the log shows something like this:

20241008/135815.506 - U02000072 Connection to system 'AUTOMIC' initiated.
20241008/135815.506 - U02000379 Initiating connection to server 'AUTOMIC' using WebSocket URI: 'jcp_server:8443/agent'.
20241008/135815.549 - U02000377 Certificate loaded from file '/etc/pki/tls/certs/ca-bundle.crt'.
20241008/135815.549 - U02000378 Loading certificates from directory: './trustedcert'.
20241008/135815.549 - U02000377 Certificate loaded from file './trustedcert/automic_AUTOMIC.cer'.
20241008/135815.549 - U02000398 Loading certificates from the directory './security' that is specified in the parameter'AgentSecurityFolder'.\
20241008/135815.549 - U02000377 Certificate loaded from file './security/AGENTNAME.pem'.
20241008/135815.553 - U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed)'.
20241008/135815.554 - U02000010 Connection to Server 'AUTOMIC/JCP_IP:8443' terminated.
20241008/135815.554 - U02000072 Connection to system 'AUTOMIC' initiated.
20241008/135815.554 - U02000379 Initiating connection to server 'AUTOMIC' using WebSocket URI: 'jcphost:8443/agent'.
20241008/135815.600 - U02000313 Communication error with partner '*SERVER', error: 'connect/(resolve: Host not found (authoritative))'.
20241008/135815.600 - U02000010 Connection to Server 'AUTOMIC/unknown' terminated.
20241008/135815.600 - U02000074 Connecting to system 'AUTOMIC' is not possible.
20241008/135815.601 - U02003073 Agent Prozess 'AGENT,PID=314645' shutdown has been initiated.
20241008/135815.601 - U02000041 Shutdown Agent 'AGENTNAME'.
20241008/135815.601 - U02000002 Agent 'AGENTNAME' version '21.0.2+build.31' ended abnormally.

Environment

Agent is on a old version of 21.0 (like 21.0.2)

Resolution

Make sure the full updated certificate chain (root and intermediate if applicable) are in the SSL_CERT_DIR/SSL_CERT_FILE folder/file. 
Update the agent to the latest version (like 21.0.12)
Reset the agent public key from the AWI