Deepika, We haven’t updated truststoreONAPall.jks in quite a while (even in master, the last modify time I see in git log is 5/3/2018), which makes sense since the only cert we care about in there (the AAF CA cert) doesn’t expire until 2038. So I don’t think that file is the issue.
Jimmy – in Dublin, we’re still using the FQDN aai.api.simpledemo.openecomp.org to reference A&AI. I couldn’t tell for sure if those new certs below contain that server name, or if we should be using aai.onap instead? Dan From: onap-discuss <[email protected]> on behalf of "deepika.s84 via lists.onap.org" <[email protected]> Reply-To: onap-discuss <[email protected]>, "[email protected]" <[email protected]> Date: Thursday, April 23, 2020 at 1:32 AM To: "[email protected]" <[email protected]>, "TIMONEY, DAN" <[email protected]>, onap-discuss <[email protected]> Subject: Re: [onap-discuss] #sdnc - certificate validity failed with AAI Hi Dan, You are Correct, the AAI server certificates was expired and we have updated the new aai certs using this gerrit commit https://gerrit.onap.org/r/c/aai/oom/+/104514 <https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104514&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=SQB-O_Ji8BnLBZIdH6_e_4auareGcp3s95Grqp90o5I&s=ZkO-qkjrS7XQgB9v9P6Q2Jr3u2HMFEMRx7Co3-bd9ac&e=> I have also updated SDNC key files using this Gerrit commit (master branch) https://gerrit.onap.org/r/c/sdnc/oam/+/105729<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_sdnc_oam_-2B_105729&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=SQB-O_Ji8BnLBZIdH6_e_4auareGcp3s95Grqp90o5I&s=-dnIQHOutqi3RGPTjJ7WV4iX0TYUTe4ZARVksYWQlS0&e=> But still i am facing the SSLHandShake Exception and i have checked the aaiClient properties(i.e., https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob;f=installation/src/main/properties/aaiclient.properties;h=6568383647a4410f35e54e19900536a91bf62895;hb=refs/heads/frankfurt<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_gitweb-3Fp-3Dsdnc_oam.git-3Ba-3Dblob-3Bf-3Dinstallation_src_main_properties_aaiclient.properties-3Bh-3D6568383647a4410f35e54e19900536a91bf62895-3Bhb-3Drefs_heads_frankfurt&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=SQB-O_Ji8BnLBZIdH6_e_4auareGcp3s95Grqp90o5I&s=Rrt11v8QP1SKitbuGoK8L3j0JVS4Z9629AmCBLK7umM&e=> ) here they have mentioned that ssl certificate truststore is truststoreONAPall.jks ((i.e.,sdnc/oam/installation/sdnc/src/main/resources/truststoreONAPall.jks). After the aai certs update in oom is there any update in this truststore key file in SDNC? Can you look into it and help me to fix this error. Thanks, Deepika -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20822): https://lists.onap.org/g/onap-discuss/message/20822 Mute This Topic: https://lists.onap.org/mt/73196174/21656 Mute #sdnc: https://lists.onap.org/mk?hashtag=sdnc&subid=2740164 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
