Hi,
Thanks for the feedback.
Just a question to what you mentioned.
"I would not advise to distribute the cert on every agent. You only need to get a cert from your root CA then store the root CA cert or the intermediate cert on every system, and certification problems are solved. "
We are currently distributing the cert on every agent. Where in the ini file would we store the root CA certificate? Can you please explain this step, because our CA cert expires in 2 years and we would like to resolve this before then.
Regards,
Original Message:
Sent: 3/20/2024 10:02:00 AM
From: Andrzej Golaszewski
Subject: RE: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
Hi SWASTIKA SHET, Lavine Appollis,
This is a certification problem. Make the TLS handshake manually with the command
openssl s_client -connect <Your-AutomationEngine-Server.de>:8443
The command will return some information.
I would not advise to distribute the cert on every agent. You only need to get a cert from your root CA then store the root CA cert or the intermediate cert on every system, and certification problems are solved.
With the solution you choose you will run into cert hell, because the day will come when the cert becomes invalid. Then you have to change it on every system where you use it. The root CAs or intermediate certs are handled by your CA and implemented by your system admins.
Hope that helps
Best Regards
Andrzej Golaszewski
Original Message:
Sent: Mar 13, 2024 06:10 AM
From: Lavine Appollis
Subject: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
What was the solution to resolve this?
Original Message:
Sent: Jun 20, 2023 07:23 AM
From: SWASTIKA SHET
Subject: Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
The AAKE version we are using is 21.0.5+hf4, and we are attempting to connect a new agent from the backend.
We configured the .ini file and added the jcp certificate to the trusted certs folder on the agent server.
But we are encountering the following error:
20230617/205841.952 - U02000072 Connection to system 'AUTOMIC' initiated.
20230617/205841.952 - U02000379 Initiating connection to server 'AUTOMIC' using WebSocket URI: 'aake-ws-dev.****:8443/agent'.
20230617/205841.988 - U02000377 Certificate loaded from file '/etc/pki/tls/certs/ca-bundle.crt'.
20230617/205841.989 - U02000378 Loading certificates from directory: '/data/automic/aeinstall-V21/agent/bin/certs'.
20230617/205841.989 - U02000377 Certificate loaded from file '/data/automic/aeinstall-V21/agent/bin/certs/aake.R5644.pem'.
20230617/205841.989 - U02000398 Loading certificates from the directory './security' that is specified in the parameter'AgentSecurityFolder'.
20230617/205841.989 - U02000376 Could not parse certificate './security/AE01-AAKE.pem'. Please make sure that the certificate is in PEM format.
20230617/205841.992 - U02000313 Communication error with partner '*SERVER', error: 'TLS-handshake/337047686(certificate verify failed (SSL routines, tls_process_server_certificate))'.
20230617/205841.993 - U02000010 Connection to Server 'AUTOMIC/*******:8443' terminated.
20230617/205841.993 - U02000074 Connecting to system 'AUTOMIC' is not possible.
Attached full log to the thread
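
An added example, not written by any poster in this thread and not Automic's own tooling: it audits a trust folder the way the U02000376 log line and the root-CA advice above suggest, flagging files that are not PEM, separating CA certificates from pinned server certificates, and showing that a renewed server certificate still verifies when the folder trusts the root CA. It assumes the openssl CLI is installed; every subject, file name and path in it is constructed for the demo.

```shell
#!/bin/sh
# audit_trust_dir DIR -> one line per file: "<name> NOT_PEM|CA|LEAF"
audit_trust_dir() {
  for f in "$1"/*; do
    n=$(basename "$f")
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
       ! txt=$(openssl x509 -in "$f" -noout -text 2>/dev/null); then
      echo "$n NOT_PEM"   # e.g. DER bytes saved under a .pem name
    elif printf '%s\n' "$txt" | grep -q 'CA:TRUE'; then
      echo "$n CA"        # root or intermediate: unaffected by server cert renewal
    else
      echo "$n LEAF"      # pinned server cert: must be swapped at every renewal
    fi
  done
}

# chain_ok TRUSTFILE CERT -> exit 0 if CERT verifies with TRUSTFILE as trust anchor
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# build_demo DIR: constructed root CA, an old and a renewed server cert, and a
# trust folder DIR/certs holding the root CA, the old server cert and a DER file.
build_demo() {
  d=$1; mkdir -p "$d/certs"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -days 3650 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  for s in old new; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=ae.example.test" -keyout "$d/$s.key" -out "$d/$s.csr" 2>/dev/null
    openssl x509 -req -in "$d/$s.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 30 -out "$d/$s.pem" 2>/dev/null
  done
  cp "$d/ca.pem" "$d/certs/root-ca.pem"; cp "$d/old.pem" "$d/certs/server-old.pem"
  openssl x509 -in "$d/old.pem" -outform DER -out "$d/certs/der-as.pem"
}

# Demo run on constructed data
t=$(mktemp -d); build_demo "$t"; audit_trust_dir "$t/certs"
chain_ok "$t/certs/root-ca.pem" "$t/new.pem" && echo "renewed cert verifies via root CA"
chain_ok "$t/certs/server-old.pem" "$t/new.pem" || echo "renewed cert fails via pinned old cert"
```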