Hi, I found an SSLException error in the AAI data-router in ONAP ElAlto.
I think. the issuer of the certificate on the message-router side is ONAP, but ONAP is not registered in the cacerts file on the aai-data-router side. Is there not a problem? Log: $ kubectl exec $(kubectl get pod | cut -f 1 -d ' ' | grep aai-data-router) -c aai-data-router -it bash bash-4.4# cat /opt/app/data-router/logs/AAI-DR | grep SSLException Caused by: javax.net.ssl.SSLException: SSLException invoking https://message-router.onap:3905/events/AAI-EVENT/datarouter/datarouter?timeout=1000&limit=100: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterExc eption: the trustAnchors parameter must be non-empty ... bash-4.4# openssl s_client -connect message-router.onap:3905 < /dev/null 2> /dev/null | openssl x509 -text | grep Issuer Issuer: C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 bash-4.4# keytool -list -v -storepass changeit -keystore /etc/ssl/certs/java/cacerts | grep Issuer: | grep -i ONAP bash-4.4# Regards, Nasu -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20588): https://lists.onap.org/g/onap-discuss/message/20588 Mute This Topic: https://lists.onap.org/mt/72891485/21656 Mute #aai: https://lists.onap.org/mk?hashtag=aai&subid=2740164 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
