Release Automation

Hi,  we need to disable ROC access on port 8080 due to security reason.  We have already performed ROC and ASAP configurations to be listening on port 8443. 

We tried to disable port on server.xml as Jacky Mahadab recommend on this post:  https://communities.ca.com/thread/241767337  But we faced some connections problem with the repository (it resides in our nac server). We also found that NAC agent down on dashboard, but the agent was up and running.  We enabled the port 8080 on sever.xml again and the infrastructure  returns  to it's normal  behavior.   Our infrastructure have:

1 - Nac server (repository resides on same server as default)
2- two executions server
3- Database Server

Is it possible to disable ROC access on port 8080 and leave the port open, or should I reconfigure every component to work on other port?

I tried to change nolio-repo.properties

[x000933@plrelautoapp4 conf]$ cat nolio-repo.properties

# If you intend to use encrypted repository password, Please use the encrypt_password.bat/sh utility to encrypt the password.

type=nexus

scheme=https

hostname=

port=8443

But when trying to publish a process I get this error:

Unexpected error on server [The process was published without schema manifest. For more details refer to server logs.]. Please refer to server logs with timestamp [2016-11-30 13:12:37].

After changing repository config for https and restart the NAC check nolio_dm_all.log for the startup sequence and look for errors related to repository connection.

If the errors related to missing certification you might need to add the RA certificate to cacert file (<Root dir\jre\lib\security>

Jacky_Mahadab

Jacky: I changed the configuration to HTTPS, and the following error appeared in nolio_dm_all.log. It seems that is a certificate issue, what did you mean about "RA certificate"?

2016-12-02 17:43:02,879 [ActionsSyncTimer] DEBUG (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:72) - Verifying nexus repository existence at [https://plrelautoapp4:8443/nexus/content/repositories/nolio]

2016-12-02 17:43:02,880 [ActionsSyncTimer] INFO  (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:513) - executing artifact upload request GET https://10.75.248.64:8443/nexus/service/local/repositories/nolio/status HTTP/1.1

2016-12-02 17:43:02,929 [ActionsSyncTimer] ERROR (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact  [/nexus/service/local/repositories/nolio/status] from default repository [https://plrelautoapp4:8443/nexus/content/repositories/nolio].

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Are you using default Release Automation certificate files (nolio.jks) or do you use your own certificates?

What version is your Release Automation system?

We have an internal CA that signs the certificates. We have already configure ROC and ASAP successfully.

RA version is 6.2.0.3029

Thanks.

As I remember you need to add your certificate also to cacert file of the NAC (Locate in <Install root>\jre\lib\security , default password is Changeit) 

Jacky 

Jacky: I opened a case (00614222) for this. Now it's working properly.

Thanks Jacky and Jeremy Nelson for your support on this.