JWP stops using CA-signed certificate with pathlength=0

Article ID: 403302

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

The JWP displays error messages when using a CA-signed JWP internal CA certificate.

By default, the internal JWP CA used to sign the FT certificates of the Agents is self-signed.
However, self-signed certificates lead to errors during security scans because the <AGENT>_ca.pem file in the Agent's .../security-folder is self-signed, which is considered to be a vulnerability. 

When you create a key pair for the JWP and have it signed by a CA instead, the JWP shows error messages during startup:

20250228/104637.628 - 39     U00003471 The Server 'AUTOMIC#WP002' has successfully been initialized, *** R E A D Y   F O R   R U N ***
20250228/104637.826 - 39     U00029420 Invalid certificate configuration for 'ENGINECERTIFICATEDURATIONINSECONDS': '-1'. The default value '-1' is used instead.
20250228/104637.826 - 39     U00029420 Invalid certificate configuration for 'TEST_AGENT_CERTIFICATE_VALIDITY_SECONDS': '-1'. The default value '-1' is used instead.

These messages do not block the start of the JWP or affect its function.

However, when the internal CA has "pathlength=0", an additional error appears and the JWP stops:

20250310/124402.010 - 38     U00029420 Invalid certificate configuration for 'ENGINECERTIFICATEDURATIONINSECONDS': '-1'. The default value '-1' is used instead.
20250310/124402.011 - 38     U00029420 Invalid certificate configuration for 'TEST_AGENT_CERTIFICATE_VALIDITY_SECONDS': '-1'. The default value '-1' is used instead.
20250310/124402.110 - 38               BASIC CONSTRAINT MISSING
20250310/124402.111 - 38     U00029402 An error occurred during artifact generation: Basic Constraint missing
<...>
20250310/124407.194 - 42     U00003410 Server 'AUTOMIC#WP001' version '21.0.10+build.1712901605363' ended abnormally. 
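
To see whether a CA certificate carries the "pathlength=0" constraint described above, its basicConstraints extension can be read with the openssl command line. The following is an added example, not code from the product or its vendor; the helper names `ca_pathlen` and `make_sample_cert` are hypothetical, and the sample certificate is a constructed, throwaway self-signed one.

```shell
#!/bin/sh
# Added example: report the basicConstraints of a PEM certificate.
# Prints "not-a-ca", "unlimited" (CA:TRUE without pathlen) or the pathlen number.
ca_pathlen() {
    # "openssl x509 -text" prints the value on the line after the extension name.
    bc=$(openssl x509 -in "$1" -noout -text |
         grep -A1 'X509v3 Basic Constraints' | tail -n 1)
    case "$bc" in
        *CA:TRUE*pathlen:*) printf '%s\n' "$bc" | sed 's/.*pathlen:\([0-9]*\).*/\1/' ;;
        *CA:TRUE*)          echo unlimited ;;
        *)                  echo not-a-ca ;;
    esac
}

# Hypothetical helper: create a constructed, self-signed sample certificate.
# $1 = output PEM file, $2 = basicConstraints value to embed.
make_sample_cert() {
    cnf=$(mktemp)
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-sample-ca
[ext]
basicConstraints = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rc=$?
    rm -f "$cnf" "$1.key"
    return $rc
}

# Demo on constructed input: a CA certificate limited to pathlen 0.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/ca.pem" "critical,CA:TRUE,pathlen:0"
echo "pathlen of sample CA: $(ca_pathlen "$demo_dir/ca.pem")"
rm -rf "$demo_dir"
```

Run `ca_pathlen` against the CA-signed internal CA certificate; a result of `0` matches the configuration this article describes.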

Cause

This is an issue with the way the JWP handles the CA-signed certificate.

Resolution

Solution:

Update to a fix version listed below or a newer version if available.


Fix version:

Component(s): Automation Engine

Automation.Engine 21.0.14 - Available
Automation.Engine 24.4.1 - Available

Additional Information

The reference for this fix is DE167041.