Update: I'm able to install SQL, DB Service, TLS Gateway and Windows Agents without any issue.
It seems the issue is occurring only with the AIX Agents.
Also, for other agent types I'm able to see message like
U02000379 Initiating connection to server 'hostname.domain.com:8443' using WebSocket URI: 'wss://hostname.domain.com:8443/agent'.
However, for the AIX agents it is showing System name as server instead of the actual hostname.domain.com
U02000379 Initiating connection to server 'AE21' using WebSocket URI: 'hostname.domain.altayer.com:8443/agent'.
------------------------------
Bharath B.
------------------------------
Original Message:
Sent: Oct 12, 2022 06:43 AM
From: Markus Embacher
Subject: Certificates approach in V21
The error message is misleading. Kindly double check the content of the CA root certificate in the /var/ssl/certs folder if it matches the certificate which has been used to sign your server certificate.
Original Message:
Sent: Oct 12, 2022 03:13 AM
From: B Bharath Kumar Reddy
Subject: Certificates approach in V21
It's still the same. The *could not parse the pem file error *for the
*agentname.pem* file in security folder is still there.
Note: the agentname.pem file contains the root, intermediate and server
certificate details. The other acutual pem file that is placed in
/var/ssl/certs also contains the same. Do I have to configure anything else
extra?
Original Message:
Sent: 10/12/2022 3:00:00 AM
From: Markus Embacher
Subject: RE: Certificates approach in V21
If that is an AIX server, then please leave that configuration empty. The agent searches automatically for following folders:
Default SSLCertDir
Original Message:
Sent: Oct 12, 2022 02:54 AM
From: B Bharath Kumar Reddy
Subject: Certificates approach in V21
They are stored under /var/ssl/certs and I have given that in SSLCertDir
parameter
Original Message:
Sent: 10/12/2022 2:40:00 AM
From: Markus Embacher
Subject: RE: Certificates approach in V21
Since you are using a public signed certificate: where is the matching CA root certificate located on the agent server?
Original Message:
Sent: Oct 12, 2022 02:35 AM
From: B Bharath Kumar Reddy
Subject: Certificates approach in V21
Hi Markus,
We are using *.domain.com in our certificate and hostname.domain.com:8443
in the connection field.
Thanks & Regards,
Bharath B.
Original Message:
Sent: 10/12/2022 2:23:00 AM
From: Markus Embacher
Subject: RE: Certificates approach in V21
Hi Bharath,
what is the wildcard specification in your certificate and what is the connection= parameter that the agent uses to connect to the Automation Engine?
Regards, Markus
Original Message:
Sent: Oct 11, 2022 05:47 AM
From: B Bharath Kumar Reddy
Subject: Certificates approach in V21
Hi Team,
Has anyone used wildcard certificates to implement V21?
We are using Public CA wildcard certificates so that we can use the same across different environments. There is no issue with JCP & AWI but we are getting the below error for Agents. I've found a KB that says we need to define the hostname, IP in SAN but we don't want to do that as we are intending to use the same certificates across environments.
Unix Agent Error - KB
20221011/114859.810 - U02000376 Could not parse certificate 'wildcard_cert.pem'. Please make sure that the certificate is iPEM format.
20221011/114859.810 - U02000398 Loading certificates from the directory 'directory' that is specifiedn the parameter'AgentSecurityFolder'.\
20221011/114859.811 - U02000377 Certificate loaded from file 'agent_security.pem'.
20221011/114859.821 - U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify faid (SSL routines, tls_process_server_certificate))'.
20221011/114859.821 - U02000010 Connection to Server 'AE21/IP:8443' terminated.
------------------------------
Thanks & Regards,
Bharath B.
------------------------------