Original Message:
Sent: Jun 21, 2023 02:41 AM
From: Oana Botez
Subject: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
Hi,
The ALB has its own certificate (you can use the AWS Certificate Manager to create one) and the ARN needs to be configured in the Ingress (for example: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:564875751664:certificate/b4ae0dfe-baf6-4939-b0c2-736e33823500).
The JCP certificate is not needed if the agent is located outside of the AAKE cluster and connects through the Ingress/ALB. The agent connects to the ALB via TLS, then there is TLS termination at the cluster edge and the agent is routed within the cluster to the JCP pod.
BR,
Oana
Original Message:
Sent: Jun 20, 2023 12:54 PM
From: SWASTIKA SHET
Subject: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
Hi Oana,
Yes, we have the Ingress/ALB certificate with the FQDN of the JCP. And yes, we have added the cert (full chain) to the agent and mentioned it in trustedcertfolder of the ini file. Yet we face this issue. Please let us know all mandatory paths on the agent server where the JCP cert needs to be placed, and also the actions/verifications from the agent side to make this work.
Thanks.
Original Message:
Sent: Jun 20, 2023 10:27 AM
From: Oana Botez
Subject: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
Hi,
Since the agent is installed outside of the AAKE cluster, you need the Load Balancer/Ingress certificate to be able to connect to AE running in the Kubernetes cluster.
The certificate must also include the FQDN used by the agent to connect:
aake-ws-dev.capital.ge.com:8443
Hope this helps,
Oana
Original Message:
Sent: Jun 20, 2023 06:44 AM
From: SWASTIKA SHET
Subject: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
Hi All,
The AAKE version we are using is 21.0.5+hf4, and we are attempting to connect a new agent from the backend.
We configured the .ini file and added the JCP certificate to the agent server's trusted cert folder. However, the following error is occurring:
Connection to system 'AUTOMIC' initiated.
20230617/205841.952 - U02000379 Initiating connection to server 'AUTOMIC' using WebSocket URI: 'aake-ws-dev.capital.ge.com:8443/agent'.
20230617/205841.988 - U02000377 Certificate loaded from file '/etc/pki/tls/certs/ca-bundle.crt'.
20230617/205841.989 - U02000378 Loading certificates from directory: '/data/automic/aeinstall-V21/agent/bin/certs'.
20230617/205841.989 - U02000377 Certificate loaded from file '/data/automic/aeinstall-V21/agent/bin/certs/aake.capital.ge.com_R5644.pem'.
20230617/205841.989 - U02000398 Loading certificates from the directory './security' that is specified in the parameter'AgentSecurityFolder'.
20230617/205841.989 - U02000376 Could not parse certificate './security/AE01-AAKE.pem'. Please make sure that the certificate is in PEM format.
20230617/205841.992 - U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
Attached full logs to the thread.
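
An added example, not part of the thread and not Automic tooling: a check of how each file in the agent's certificate folders is encoded, which is the condition behind the U02000376 "Could not parse certificate" line in the log above. The function names and verdict strings are made up for this example, and it inspects the container format only; it does not validate the chain or the FQDN.

```python
import base64
import re
import sys

# One PEM block: captures the armor label and the base64 body.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# Armor labels that mark an X.509 certificate.
CERT_LABELS = (b"CERTIFICATE", b"X509 CERTIFICATE", b"TRUSTED CERTIFICATE")

def looks_der(data: bytes) -> bool:
    # ASN.1 SEQUENCE tag followed by a long-form length, as in any X.509 cert.
    return re.match(rb"\x30[\x81-\x83]", data) is not None

def classify_cert_file(data: bytes) -> str:
    """Say how a would-be certificate file is encoded (container check only)."""
    if not data.strip():
        return "empty"
    if data.startswith(b"\xef\xbb\xbf"):
        return "utf8-bom"            # byte-order mark ahead of the armor line
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return "utf16"               # text file saved as UTF-16
    if looks_der(data):
        return "der"                 # binary DER, needs converting to PEM
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return "not-pem"
    certs = [body for label, body in blocks if label in CERT_LABELS]
    if not certs:
        labels = sorted({label.decode() for label, _ in blocks})
        return "wrong-label:" + ",".join(labels)
    for body in certs:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:           # binascii.Error is a ValueError
            return "bad-base64"
        if not looks_der(der):
            return "bad-der"
    return "pem-ok"

if __name__ == "__main__":
    # Usage: python check_pem.py ./security/*.pem bin/certs/*.pem
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: {classify_cert_file(fh.read())}")
```

Any verdict other than pem-ok on a file in the trusted certificate folder or the AgentSecurityFolder points to a file the agent will not be able to load as a PEM certificate.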