Pivotal Knowledge Base

Follow

Spring Cloud Services SSL Certificate Error

Environment 

 Product  Version
 Pivotal Cloud Foundry  1.6.x, 1.7.x, 1.8.x
 Spring Cloud Services  1.3.1 and above

Symptom

When installing or upgrading Spring Cloud Services (SCS), you receive SSL/TLS certificate errors like the following:

Missing certs: p-spring-cloud-services.login.your-domain.com:443 - exiting install.

OR

'*******ERROR******** The certificate for p-spring-cloud-services.login.your-domain.com DOES NOT have a matching Subject Alternative Name or Common Name'

Cause 

You must use one single certificate that contains all your Subject Alternative Name (SAN's) Certificates.

That includes all of the domains listed below, replacing SYSTEM_DOMAIN.TLD with your system domain, and APPLICATION_DOMAIN.TLD with your application domain:

  • *.SYSTEM_DOMAIN.TLD
  • *.APPLICATION_DOMAIN.TLD
  • *.login.SYSTEM_DOMAIN.TLD
  • *.uaa.SYSTEM_DOMAIN.TLD

If any of the above are missing from your SSL certificate, you will receive errors similar to the one above in your installation log file. 

Resolution

1. Ensure that you are using one Cert that contains all the Subject Alternative Name (SAN's) above.

OR

2. If you install version 1.3 or later of SCS, there is an additional option in the menu that allows you to ignore certificate errors.

  • Click "Do not validate that SSL certificates are properly configured" (You may wish to click this option if you need to use more than one Cert for your SAN's or do not have the option to change your current SSL certificate configuration).
  • Save
  • Apply changes

Additional Information

Note: When upgrading SCS please use the correct upgrade path as outline here, found under Release Details.

Example: When upgrading from 1.0.x, you must install 1.0.9 prior to installing later versions

For more information on SCS prerequisites please click here.

 

 

Comments

Powered by Zendesk