Dear Everyone,
I'm running into an issue with our vRealize Automation install (v7.3).
On a minimum install, we had to replace the certificate on the IaaS server.
After registering all the endpoints, everything worked except for the following:
2017-10-05 09:17:00,265 vcac: [component="cafe:event-broker" priority="INFO" thread="ebs-queue-pool-executer-3" tenant="" context="" parent="" token=""] com.vmware.vcac.eventlog.auditing.saveEvent:90 - Exception thrown for IaaS endpoint: https://iaas1/WAPI/ - Error Message: java.security.cert.CertificateException: Untrusted certificate chain.
I tried to register:
c:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe>Vcac-Config.exe RegisterEndpoint --EndpointAddress https://iaas1/WAPI --Endpoint wapi -v
even with a rebuild of the trust:
(Incorrect vRealize Automation Component Service Registrations)
Or add the chain certificates to the Java keystore.
But nothing seems to work.
As automation is completely unusable right now, any help would be appreciated.
PS. On the appliance, all the services show registered except for:
release-management | com.vmware.csp.component.devops.release.management | 2017 Oct 5 11:15:15 | UNAVAILABLE |
But that was the case from the beginning. Furthermore, there are no more errors.
Full Exception:
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="INFO" thread="tomcat-http--31" tenant="vsphere.local" context="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:51 - Default SSL Certificate: 261966366051175164202210355019191434353
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" context="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:61 - Untrusted certificate chain:
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" context="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63 - Untrusted certificate with serial number: [275575002430767747207576006487004385936] and thumbprint: [B0:95:0A:40:F6:85:F3:0F:DB:DD:D8:BE:85:F7:62:10:71:44:60:69]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" context="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63 - Untrusted certificate with serial number: [57397899145990363081023081275480378375] and thumbprint: [33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" context="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63 - Untrusted certificate with serial number: [52374340215108295845375962883522092578] and thumbprint: [F5:AD:0B:CC:1A:D5:6C:D1:50:72:5B:1C:86:6C:30:AD:92:EF:21:B0]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="ERROR" thread="tomcat-http--31" tenant="vsphere.local" context="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.iaas.gateway.impl.BaseGatewayImpl.mapIaasGatewayException:91 - Exception thrown for IaaS endpoint: https://iaas1/WAPI/ , message: java.security.cert.CertificateException: Untrusted certificate chain.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted certificate chain.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_131]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:1.8.0_131]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_131]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[httpclient-4.5.2.jar:4.5.2]
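Added example, not part of the original post and not VMware code: a Python sketch that un-wraps the hard-wrapped log records above, pulls out each untrusted certificate, converts the decimal serial to the hex form `keytool -list -v` prints, and reports which thumbprints are absent from a truststore listing. It assumes the 20-byte thumbprints are SHA-1 fingerprints as Java 8 `keytool -list` prints them; the keytool listing and its alias are constructed.

```python
import re

# Two records copied from the post's log, still hard-wrapped as posted.
SAMPLE_LOG = '''\
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63
- Untrusted certificate with serial number: [275575002430767747207576006487004385936] and thumbprint: [B0:95:0A:40:F6:85:F3:0F:D
B:DD:D8:BE:85:F7:62:10:71:44:60:69]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63
- Untrusted certificate with serial number: [57397899145990363081023081275480378375] and thumbprint: [33:9C:DD:57:CF:D5:B1:41:16
:9B:61:5F:F3:14:28:78:2D:1D:A6:39]
'''
# Constructed `keytool -list` output; the alias "iaas-root" is hypothetical.
KEYTOOL_LISTING = '''\
iaas-root, Oct 5, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): B0:95:0A:40:F6:85:F3:0F:DB:DD:D8:BE:85:F7:62:10:71:44:60:69
'''

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
UNTRUSTED = re.compile(
    r"Untrusted certificate with serial number: \[(\d+)\] "
    r"and thumbprint: \[([0-9A-Fa-f:]+)\]")

def unwrap(text):
    """Glue continuation lines back onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # the wrap split mid-token, so join with no separator
    return records

def untrusted_certs(text):
    """Return serial (decimal and hex) and SHA-1 thumbprint of each rejected cert."""
    found = []
    for record in unwrap(text):
        m = UNTRUSTED.search(record)
        if m:
            found.append({"serial_dec": m.group(1),
                          "serial_hex": format(int(m.group(1)), "x"),
                          "sha1": m.group(2).upper()})
    return found

def missing_from_truststore(certs, keytool_listing):
    """Certificates whose SHA-1 fingerprint does not appear in the keytool listing."""
    trusted = set(re.findall(r"\(SHA1\): ([0-9A-F:]{59})", keytool_listing))
    return [c for c in certs if c["sha1"] not in trusted]

if __name__ == "__main__":
    for cert in missing_from_truststore(untrusted_certs(SAMPLE_LOG), KEYTOOL_LISTING):
        print("not in truststore:", cert["sha1"], "serial 0x" + cert["serial_hex"])
```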