Hi, we need to disable ROC access on port 8080 for security reasons. We have already configured ROC and ASAP to listen on port 8443.
We tried to disable the port in server.xml as Jacky Mahadab recommended in this post: https://communities.ca.com/thread/241767337 But we faced some connection problems with the repository (it resides on our NAC server). We also found the NAC agent shown as down on the dashboard, but the agent was up and running. We enabled port 8080 in server.xml again and the infrastructure returned to its normal behavior. Our infrastructure has:
1 - NAC server (the repository resides on the same server, as default)
2 - Two execution servers
3 - Database server
Is it possible to disable ROC access on port 8080 and leave the port open, or should I reconfigure every component to work on another port?
I tried to change nolio-repo.properties
[x000933@plrelautoapp4 conf]$ cat nolio-repo.properties
# If you intend to use encrypted repository password, Please use the encrypt_password.bat/sh utility to encrypt the password.
But when trying to publish a process I get this error:
Unexpected error on server [The process was published without schema manifest. For more details refer to server logs.]. Please refer to server logs with timestamp [2016-11-30 13:12:37].
After changing the repository config to HTTPS and restarting the NAC, check nolio_dm_all.log for the startup sequence and look for errors related to the repository connection.
If the errors are related to missing certification, you might need to add the RA certificate to the cacert file (<Root dir>\jre\lib\security).
Jacky: I changed the configuration to HTTPS, and the following error appeared in nolio_dm_all.log. It seems that it is a certificate issue. What did you mean by "RA certificate"?
2016-12-02 17:43:02,879 [ActionsSyncTimer] DEBUG (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:72) - Verifying nexus repository existence at [https://plrelautoapp4:8443/nexus/content/repositories/nolio]
2016-12-02 17:43:02,880 [ActionsSyncTimer] INFO (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:513) - executing artifact upload request GET https://10.75.248.64:8443/nexus/service/local/repositories/nolio/status HTTP/1.1
2016-12-02 17:43:02,929 [ActionsSyncTimer] ERROR (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact [/nexus/service/local/repositories/nolio/status] from default repository [https://plrelautoapp4:8443/nexus/content/repositories/nolio].
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Are you using default Release Automation certificate files (nolio.jks) or do you use your own certificates?
What version is your Release Automation system?
We have an internal CA that signs the certificates. We have already configured ROC and ASAP successfully.
RA version is 126.96.36.19929
As I remember, you also need to add your certificate to the cacert file of the NAC (located in <Install root>\jre\lib\security; default password is Changeit)
Jacky: I opened a case (00614222) for this. Now it's working properly.
Thanks Jacky and Jeremy Nelson for your support on this.
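The diagnosis and fix discussed in this thread, as an added example that is not part of the original posts or of CA's tooling: one function finds the repository URLs that fail with the PKIX error in nolio_dm_all.log, the other imports the internal CA into the NAC JRE truststore. The install root, the CA PEM file, the alias `internal-ca`, the `STOREPASS` variable and the truststore file name `cacerts` are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Install root, alias and file names are assumptions.

# List each repository URL whose HttpGet failure is followed by a PKIX trust
# failure, i.e. endpoints whose certificate chain the NAC JRE does not trust.
pkix_failed_targets() {
  awk '
    /^[0-9]+-[0-9]+-[0-9]+ / { target = "" }          # new log record: reset
    /ERROR/ && /Failed to execute HttpGet/ {
      if (match($0, /from default repository \[[^]]+\]/))
        target = substr($0, RSTART + 25, RLENGTH - 26)  # text inside [ ]
    }
    /SSLHandshakeException/ && /PKIX path building failed/ && target != "" {
      if (!seen[target]++) print target
    }
  ' "$@"
}

# Import the internal CA certificate into the truststore of the JRE that runs the NAC.
# $1 = RA install root, $2 = PEM file of the internal CA (both hypothetical paths).
# keytool prints the certificate and asks for confirmation: check the fingerprint first.
import_internal_ca() {
  store="$1/jre/lib/security/cacerts"
  pass="${STOREPASS:-changeit}"                 # JRE default unless it was changed
  cp -p "$store" "$store.bak" || return 1       # keep a rollback copy
  keytool -importcert -trustcacerts -alias internal-ca \
          -file "$2" -keystore "$store" -storepass "$pass" || return 1
  keytool -list -alias internal-ca -keystore "$store" -storepass "$pass"
}

# Sample input: lines 1-3 abridged from the log in the thread, lines 4-5 constructed.
sample_log() {
  cat <<'EOF'
2016-12-02 17:43:02,879 [ActionsSyncTimer] DEBUG (...ArtifactRepositoryPlugin:72) - Verifying nexus repository existence at [https://plrelautoapp4:8443/nexus/content/repositories/nolio]
2016-12-02 17:43:02,929 [ActionsSyncTimer] ERROR (...ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact [/nexus/service/local/repositories/nolio/status] from default repository [https://plrelautoapp4:8443/nexus/content/repositories/nolio].
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: unable to find valid certification path to requested target
2016-12-02 17:44:10,101 [ActionsSyncTimer] ERROR (...ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact [/x] from default repository [http://repo.example:8080/nexus/content/repositories/nolio].
java.net.ConnectException: Connection refused
EOF
}

# Run directly with a log file argument to scan it: script.sh nolio_dm_all.log
if [ $# -ge 1 ]; then pkix_failed_targets "$@"; fi
```

Restart the NAC service after the import so the JVM reloads the truststore, then rerun the log scan to confirm the handshake error is gone.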