Also, please see my comment on https://jira.onap.org/browse/AAI-2872 to verify your deployment.
Thanks, jimmy From: "FREEMAN, BRIAN D" <[email protected]> Date: Monday, April 20, 2020 at 9:23 AM To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, "FRANEY, JOHN J" <[email protected]>, "FORSYTH, JAMES" <[email protected]>, Vivekanandan Muthukrishnan <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, 陈庄洋 <[email protected]> Cc: JOMY JOSE <[email protected]>, Devangam Manjunatha <[email protected]>, "Sudarshan K.S" <[email protected]> Subject: RE: [onap-discuss] AAF Authentication Error #aai [403-Access Denied] Certificate unknown seems to imply that the certificate patch didn’t result in the right certificate being in the java configuration on the aai pod so that now the https to AAF for authentication is failing the certificate check. If you log into the aai-resource pod what certificate does it see and does that cert chain match the cert presented by https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.service:2.1 Brian From: [email protected] <[email protected]> Sent: Saturday, April 18, 2020 10:41 AM To: [email protected]; [email protected]; FRANEY, JOHN J <[email protected]>; FREEMAN, BRIAN D <[email protected]>; FORSYTH, JAMES <[email protected]>; Vivekanandan Muthukrishnan <[email protected]>; [email protected]; [email protected]; 陈庄洋 <[email protected]> Cc: JOMY JOSE <[email protected]>; Devangam Manjunatha <[email protected]>; Sudarshan K.S <[email protected]> Subject: Re: [onap-discuss] AAF Authentication Error #aai [403-Access Denied] Hi Team, We had deployed the ONAP-Elalto with the latest certificate patches of AAI, DMAAP & DCAE few days back, from then onwards we are unable perform the robot demo init & not able to perform the network preload (it's showing as ACCESS DENIED 403). Even i posted that issue in community also. After going through the Hari mail, i checked the aai-resource pod then we had also having same issue. I had attached the error log please help us in coming out of this issue. Regards, ________________________________________________________ Velugubantla Praveen Engineer - CTO-Common L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 ________________________________________________________ Mobile: +91 9154111420 www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ltts.com_&d=DwMFoQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=v88QSga50-ZvQRfGZOaMjqm_g_AK4ktLcJkJ_iNp3X0&s=weDebBZ0WtBhqj2sOBlkyZhGxUyDYoRYGAPgUXvlZEI&e=> [cid:[email protected]] ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of FRANEY, JOHN J via lists.onap.org <[email protected]<mailto:[email protected]>> Sent: Saturday, April 18, 2020 4:47 AM To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] AAF Authentication Error #aai The error means the server side TLS certificate is not trusted by your client. Trust is established from the truststore. The truststore must contain the root ca certificate that signed the server side certificate. This is a configuration error. Maybe you missed a step during installation. Your jvm may not be pointing to the right truststore. John -------- Original message -------- From: "hariharan.38 via lists.onap.org" <[email protected]<mailto:[email protected]>> Date: 4/17/20 7:03 PM (GMT-05:00) To: [email protected]<mailto:[email protected]> Subject: [onap-discuss] AAF Authentication Error #aai Hi All, Currently when I am trying to give the curl request to AAI,it fails with 403 forbidden error.When I checked the console logs of the aai-resources pod I am getting the logs as seen in the attached jpg below.Even though my AAF pods are running fine the request fails with 403.I am currently using the Dublin release .Can anyone please help me out with this issue. Regards, Hari L&T Technology Services Ltd www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.LTTS.com&d=DwQFoQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=v88QSga50-ZvQRfGZOaMjqm_g_AK4ktLcJkJ_iNp3X0&s=p2jvnylMFI0nc0g4JOezYLXgSle0Aap9_gnCTa-AYMU&e=> L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.Ltts.com&d=DwQFoQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=v88QSga50-ZvQRfGZOaMjqm_g_AK4ktLcJkJ_iNp3X0&s=uEpSX0WrsRpMsDCG6Vx8xWw9nL_8ZOYgd3YstNfgESU&e=>. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20758): https://lists.onap.org/g/onap-discuss/message/20758 Mute This Topic: https://lists.onap.org/mt/73108068/21656 Mute #aai: https://lists.onap.org/mk?hashtag=aai&subid=2740164 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
