search cancel

Cannot collect execution logs when SSL secure communication is enabled.

book

Article ID: 8805

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

Unable to  collect execution logs from ROC when  Secure Communications is enabled between NES and NAC .

When collecting the logs there is a error displayed which looks like : 

<Please see attached file for image>

cert1.png

Environment

Release Automation 6.4 and 6.5 with secure ssl communications setup between NAC and NES servers.

Cause

The configuration in step 19  from the procedure setting  Secure Communications  is not always loaded correctly.

Step 19:

Open the RA_HOME\conf\security-customization.properties file that you created when securing UI communication, and add the following lines:

javax.net.ssl.trustStore=conf/custom-truststore.jks
javax.net.ssl.trustStorePassword=<plain text password for custom-truststore.jks>

 

 

 

Resolution

You can resolve this in two way's.

Solution 1:

You can add  the certifcate from the NES to to Java default truststore cacerts . 

to do this run keytool in the RA_HOME directory. 

.\jre\bin\keytool -importcert -alias ra-nes1 -file nes1.crt -keystore jre/lib/security/cacerts -v -rfc 

The default password for cacerts is changeit.

Solution 2:

point the java runtime used by tomcat to the custom-truststore which contains the certificates from the NES  by adding the following 
startup parameters in RA_HOME$\bin\catalina.sh file on Unix.

-Djavax.net.ssl.trustStore=conf/custom-truststore.jks 
-Djavax.net.ssl.trustStorePassword=<truststore-password> 

In windows you have to add this to the nolioserver settings in the registry using regedit.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\NolioServer20\Parameters\Java\Options 

or run from the RA_HOME directory:

.\bin\Tomcat8 //US//NolioServer20 ++JvmOptions "-Djavax.net.ssl.trustStore=conf/custom-truststore.jks;-Djavax.net.ssl.trustStorePassword=<truststore-password>"

restart the nolio service.

 

 

Attachments

1558700596568000008805_sktwi1f5rjvs16p3q.png get_app