Bitbucket integration rejects certificate
search cancel

Bitbucket integration rejects certificate

book

Article ID: 409114

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

An on-prem bitbucket instance just had its certificate replaced with a new Sectigo certificate, but Aria Automation does not recognize it.  When verifying the integration (validate credentials, then Save), no error is received.  However, syncing against any project gives the error "Invalid certificate in the requested target"

Environment

Aria Automation 8.18.1

Cause

The new certificate PEM value from BitBucket is not getting replaced in the database when the integration is saved.  

In the provisioning-service-app log, it will show this WARN message indicating the certificate Info being removed for the integration:

2025-08-27T15:07:20.750Z WARN provisioning [host='provisioning-service-app-xxxxxxxx-xxxxx' thread='xn-index-queries-21' user='<useName>' org='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' trace='<traceId>' parent='<parentId>' span='<spanId>'] c.v.i.a.s.m.CloudAccountService.removeExpiredCertificateFromEndpointState:1647 - Removing certificate from endpoint state: [<integrationUrl>,/resources/endpoints/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]: exception: java.security.cert.CertificateExpiredException: NotAfter: Fri Aug 15 23:59:59 GMT 2025

You will then see a PATCH request entry, however it doesn't show anything from the body of the API request:

2025-08-27T15:07:20.771Z INFO provisioning [host='provisioning-service-app-xxxxxxxx-xxxxx' thread='reactor-http-epoll-4' user='' org='' trace='<traceId>' parent='' span='<spanId>'] reactor.netty.http.server.AccessLog.info:279 - XX.XXX.XX.XXX - - [27/Aug/2025:15:07:20 +0000] "PATCH /iaas/api/integrations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?skipEnumerate&apiVersion=2021-07-15 HTTP/1.1" 202 193 8282 95 ms

Resolution

Workaround:

Ensure a backup or snapshot is taken before making any changes.

  1. Get the ID of the integration from the URL after browsing to the Bitbucket integration in vRA. 
  2. Refer to the schema values noted in Swagger (https://<vRA_URL>/api-docs) under Infrastructure as a Service > Integration > PATCH /iaas/api/integrations/{id}
  3. Put the id value into the respective field in the Swagger form
  4. Enter the apiVersion into its field (2021-07-15)
  5. Define the privateKeyId (username), privateKey (password) and certificateInfo (New certificate PEM data) values in the request body.  All other values are not necessary to complete the request.
  6. Run the request
  7. In the vRA UI, go to the integration and the Project tab, then click on SYNC to confirm a successful update.
Powered by Wolken Software