Configuring: SSL load balancer and terminate SSL at LB before accessing Release Automation

book

Article ID: 5796

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

A scenario where we want to disable access to Release Automation port 8080 and selected design we opted is to implement below.

1: Hide Release Automation Data Management Servers behind Load balancer running on Secure Port

2: Configure Load balancer over the secure port of Data Management Servers

With above configuration in place you will observe below.

 

  • You will be able to access Release Operation Center User Interface seamless via LB
  • When you are launching ASAP Studio via asap.jnlp you will find below errors in java console(at client end).

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

Cause

The reason for above where ASAP fail to render over SSL is because it was missing configuration require to secure UI communication.

Environment

Release Automation Version 6.6 and higher (For 6.7 onwards we recommend using ROC UI instead of ASAP)

Resolution

Please follow step below.

  1. Export the public key of HAProxy into a cert.
  2. Go to document link(respective to RA version)  and follow step 3-8 (under section "Secure UI communication")
  3. Restart the NAC server and try launching asap.

 

Document Links 

Release  Version
6.6 https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/release-automation-nolio/6-6/installation/ca-release-automation-security/secure-communications.html
6.7 https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/release-automation-nolio/6-7/installation/ca-release-automation-security/secure-communications.html