CloudPoint UI is spinning continuously due to expired certificates

CloudPoint UI is spinning continuously due to expired certificates

Article: 100045729
Last Published: 2019-06-12
Ratings: 0 0
Product(s): CloudPoint

Problem

After CloudPoint certificates have expired, the CloudPoint UI will spin continuously and certain CloudPoint services/containers may fail to start.

Error Message

The below services/containers maybe in restarting state or uptime maybe short:
flexsnap-api
flexsnap-auth
flexsnap-licensing
flexsnap-identity-manager-service
flexsnap-authorization-service

For each service/container the following will be seen in the log:
flexsnap-rabbitmq: 2019-06-11 00:02:23.373 [info] <0.7580.7> TLS server: In state certify at ssl_handshake.erl:1269 generated SERVER ALERT: Fatal - Certificate Expired
flexsnap-api-1: AMQPConnectionError: Connection to 172.18.0.26:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
flexsnap-authorization-service: org.springframework.amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
flexsnap-telemetry: AMQPConnectionError: Connection to 172.18.0.26:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
flexsnap-notification: AMQPConnectionError: Connection to 172.18.0.26:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
flexsnap-policy: AMQPConnectionError: Connection to 172.18.0.26:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
flexsnap-agent: AMQPConnectionError: Connection to 172.18.0.26:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
flexsnap-api-gateway: 2019-06-11T00:02:17.061Z 9c88c4e410f9 ERROR Failed to connect to amqp: Error: certificate has expired
flexsnap-onhostagent: AMQPConnectionError: Connection to 172.18.0.26:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
flexsnap-mongodb: 2019-06-11T00:02:30.870+0000 E NETWORK  [conn23911] SSL peer certificate validation failed: certificate has expired

Cause

The CloudPoint services are not starting due to the expiration of multiple CloudPoint certificates on the CloudPoint host.

Solution

Identify the expired certificates by performing the below:

As root run:
# for CERT in /cloudpoint/keys/*.cert.pem; do echo $CERT; openssl x509 -noout -dates -in $CERT | grep notAfter; done
# for CERT in /cloudpoint/rabbitmq/keys/*.cert.pem; do echo $CERT; openssl x509 -noout -dates -in $CERT | grep notAfter; done

The above two should output expiration dates of certificates.  If any are older than the current date, then contact technical support for assistance renewing the certificates.

References

JIRA : STESC-3171

Was this content helpful?