Hi, Dan,
These are the allowed names with the latest certificates:
X509v3 Subject Alternative Name:
email:[email protected],
DNS:aai,
DNS:aai-search-data.onap,
DNS:aai-sparky-be.onap,
DNS:aai.api.simpledemo.onap.org,
DNS:aai.elasticsearch.simpledemo.onap.org,
DNS:aai.gremlinserver.simpledemo.onap.org,
DNS:aai.hbase.simpledemo.onap.org,
DNS:aai.onap,
DNS:aai.searchservice.simpledemo.onap.org,
DNS:aai.simpledemo.onap.org,
DNS:aai.ui.simpledemo.onap.org
Thanks,
jimmy
From: "TIMONEY, DAN" <[email protected]>
Date: Thursday, April 23, 2020 at 10:41 AM
To: "[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"FORSYTH, JAMES" <[email protected]>
Subject: Re: [onap-discuss] #sdnc - certificate validity failed with AAI
Deepika,
We haven’t updated truststoreONAPall.jks in quite a while (even in master, the
last modify time I see in git log is 5/3/2018), which makes sense since the
only cert we care about in there (the AAF CA cert) doesn’t expire until 2038.
So I don’t think that file is the issue.
Jimmy – in Dublin, we’re still using the FQDN aai.api.simpledemo.openecomp.org
to reference A&AI. I couldn’t tell for sure if those new certs below contain
that server name, or if we should be using aai.onap instead?
Dan
From: onap-discuss <[email protected]> on behalf of "deepika.s84 via
lists.onap.org" <[email protected]>
Reply-To: onap-discuss <[email protected]>, "[email protected]"
<[email protected]>
Date: Thursday, April 23, 2020 at 1:32 AM
To: "[email protected]"
<[email protected]>, "TIMONEY, DAN" <[email protected]>,
onap-discuss <[email protected]>
Subject: Re: [onap-discuss] #sdnc - certificate validity failed with AAI
Hi Dan,
You are Correct, the AAI server certificates was expired and we have updated
the new aai certs using this gerrit commit
https://gerrit.onap.org/r/c/aai/oom/+/104514
<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104514&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=SQB-O_Ji8BnLBZIdH6_e_4auareGcp3s95Grqp90o5I&s=ZkO-qkjrS7XQgB9v9P6Q2Jr3u2HMFEMRx7Co3-bd9ac&e=>
I have also updated SDNC key files using this Gerrit commit (master branch)
https://gerrit.onap.org/r/c/sdnc/oam/+/105729<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_sdnc_oam_-2B_105729&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=SQB-O_Ji8BnLBZIdH6_e_4auareGcp3s95Grqp90o5I&s=-dnIQHOutqi3RGPTjJ7WV4iX0TYUTe4ZARVksYWQlS0&e=>
But still i am facing the SSLHandShake Exception and i have checked the
aaiClient properties(i.e.,
https://gerrit.onap.org/r/gitweb?p=sdnc/oam.git;a=blob;f=installation/src/main/properties/aaiclient.properties;h=6568383647a4410f35e54e19900536a91bf62895;hb=refs/heads/frankfurt<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_gitweb-3Fp-3Dsdnc_oam.git-3Ba-3Dblob-3Bf-3Dinstallation_src_main_properties_aaiclient.properties-3Bh-3D6568383647a4410f35e54e19900536a91bf62895-3Bhb-3Drefs_heads_frankfurt&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=SQB-O_Ji8BnLBZIdH6_e_4auareGcp3s95Grqp90o5I&s=Rrt11v8QP1SKitbuGoK8L3j0JVS4Z9629AmCBLK7umM&e=>
) here they have mentioned that ssl certificate truststore is
truststoreONAPall.jks
((i.e.,sdnc/oam/installation/sdnc/src/main/resources/truststoreONAPall.jks).
After the aai certs update in oom is there any update in this truststore key
file in SDNC?
Can you look into it and help me to fix this error.
Thanks,
Deepika
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20824): https://lists.onap.org/g/onap-discuss/message/20824
Mute This Topic: https://lists.onap.org/mt/73196174/21656
Mute #sdnc: https://lists.onap.org/mk?hashtag=sdnc&subid=2740164
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
