According to this answer from stackoverflow [1], trustsore expiry would cause the javax.net.ssl.SSLHandshakeException exception which we see. Could anyone tell us how to update truststoreONAPall.jks?
Thanks, Henry [1] https://stackoverflow.com/questions/22253862/what-if-truststore-certificate-expires On Wed, Apr 1, 2020 at 10:39 AM Henry Yu via Lists.Onap.Org <[email protected]> wrote: > > Hi Dan and all, > > We are testing the SDNC changes made by the CCVPN use case on the master > branch. We are seeing the following error [1], which occurs when SDNC DGs try > to interact (i.e., read/write) with AAI. Note that this error was not there > before, and it started to occur a week ago. > > The error seems to be related to the certificate expiry. I noticed the > certificate update made in AAI > (https://gerrit.onap.org/r/c/aai/oom/+/104416). But it does not seem to fix > the problem. > > So my question is: should we also update the following trustsotre file in > SDNC: > > sdnc/oam/installation/sdnc/src/main/resources/truststoreONAPall.jks > > Do the certs in that file also has expiry date? Our Frankfurt integration > testing is blocked by this issue, so any help would be greatly appreciated. > > Thanks, > Henry > > [1] > 17:55:39.368 INFO [qtp446699013-295] Request Time : 2020-03-27T17:55:39.367Z, > Method : PUT > 17:55:39.368 INFO [qtp446699013-295] Request URL : > https://192.168.198.177:8443/aai/v19/network/pnfs/pnf/networkId-providerId-5555-clientId-6666-topologyId-33-nodeId-0.191.0.4/p-interfaces/p-interface/networkId-providerId-5555-clientId-6666-topologyId-33-nodeId-0.191.0.4-ltpId-16777228 > 17:55:39.369 DEBUG [qtp446699013-295] MetricLogger requestId = > 7e494f9f-e08a-4d5e-848d-9a4a2173bc9c > 17:55:39.371 INFO [qtp446699013-295] Input - data : > {"interface-name":"networkId-providerId-5555-clientId-6666-topologyId-33-nodeId-0.191.0.4-ltpId-16777228","speed-value":"10000000","in-maint":true,"operational-status":"down"} > 17:55:39.371 INFO [qtp446699013-295] Invoke > 17:55:39.375 WARN [qtp446699013-295] AAIRequestExecutor.post > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: validity check failed > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?] > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) ~[?:?] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) ~[?:?] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[?:?] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) > ~[?:?] > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) > ~[?:?] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:?] > at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) ~[?:?] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) ~[?:?] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) > ~[?:?] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) > ~[?:?] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) > ~[?:?] > at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) > ~[?:?] > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > ~[?:?] > at > sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340) > ~[?:?] > at > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315) > ~[?:?] > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264) > ~[?:?] > at > org.onap.ccsdk.sli.adaptors.aai.AAIClientRESTExecutor.post(AAIClientRESTExecutor.java:383) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > at > org.onap.ccsdk.sli.adaptors.aai.AAIDeclarations.newModelSave(AAIDeclarations.java:1448) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > at > org.onap.ccsdk.sli.adaptors.aai.AAIDeclarations.save(AAIDeclarations.java:501) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > at org.onap.ccsdk.sli.adaptors.aai.AAIService.save(AAIService.java:1375) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) ~[?:?] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:?] > at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54) > [92:org.apache.aries.proxy:1.1.4] > at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) > [92:org.apache.aries.proxy:1.1.4] > at org.onap.ccsdk.sli.adaptors.aai.$AAIService1830433421.save(Unknown Source) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > at > org.onap.ccsdk.sli.core.sli.provider.base.SaveNodeExecutor.execute(SaveNodeExecutor.java:73) > > [435:wrap_file__opt_opendaylight_system_org_onap_ccsdk_sli_core_sli-provider-base_1.0.0-SNAPSHOT_sli-provider-base-1.0.0-SNAPSHOT.jar:0.0.0] > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20451): https://lists.onap.org/g/onap-discuss/message/20451 Mute This Topic: https://lists.onap.org/mt/72702035/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
