Invalid certificate when deploying Gemfire for Cloud Foundry

Hello,

I'm not sure whether this is the right place to ask, but we are deploying Gemfire 1.3.0 on our PCF (1.6.x). The deployment was almost complete, then it errors out with the following error message:

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Server error, status code: 502, error code: 10001, message: The service broker returned an invalid response for the request to http://172.16.7.99:8080/v2/service_instances/70271ff8-35f0-49e8-bf2b-47df48dfb7e6. Status Code: 500 Internal Server Error, Body: {"description":"Post https://uaa.system.cf55.fbdldomain.local/oauth/token: x509: certificate is valid for *.cf55.fbdldomain.local, not uaa.system.cf55.fbdldomain.local"}
{"dashboard_url":"https://gf-plan-1-dashboard-8e129cd2-9c62-44d1-5f2e-844d86c421bb.system.cf55.fbdldomain.local/pulse/?redirect_uri=https%!!(MISSING)A(MISSING)%!!(MISSING)F(MISSING)%!!(MISSING)F(MISSING)gf-plan-1-dashboard-8e129cd2-9c62-44d1-5f2e-844d86c421bb.system.cf55.fbdldomain.local%!!(MISSING)F(MISSING)pulse%!!(MISSING)F(MISSING)"}

 

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

We do have a self-signed SSL certificate created for the wildcard DNS entry *.cf55.fbdldomain.local when deploying PCF Elastic Runtime. I don't know why we need any additional certificate for uaa.system.cf55.fbdldomain.local?

If we do need such a certificate, how can I create it (maybe create another self-signed SSL certificate using the wildcard *.system.cf55.fbdldomain.local with the same method as before)? And where shall I put this certificate (in Ops manager?)

 

Thanks a lot

Silvester

2 comments


Hello Silvester,

As far as I know, *.<url> would work with all characters until one "subdomain" before. If your URL is of the format *.*.<url> you might need to add another mapping with *.system.<url> or *.*.<url>. I believe this is noted in the documentation as well (https://docs.pivotal.io/pivotalcf/opsguide/security_config.html).

The place to put this should be opsmgr: https://docs.pivotal.io/pivotalcf/opsguide/security_config.html.

You can always raise issues as tickets to get much quicker responses from the support team.

Hope this helps.

Best Regards,

Pulkit

 

Pulkit Chandra 0 votes

Thanks Pulkit, I've recreated the SSL certificate with 2 wildcard URLs, now the deployment is successful.

 

Silvester

Silvester 0 votes
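
The x509 error in this thread comes from hostname verification treating `*` as exactly one DNS label. As an added example (not part of the original thread and not Pivotal's code), the Python below applies that rule to the hostnames from the error message; the `api.` host is constructed, and the contents of the recreated certificate's name list are an assumption based on "2 wildcard URLs".

```python
"""Single-label wildcard matching for certificate DNS names (added example)."""


def matches(pattern, hostname):
    """True if a certificate DNS name covers hostname.

    '*' is honoured only as the whole leftmost label and stands for exactly
    one label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(matches(s, h) for s in sans)]


def required_wildcards(hostnames):
    """One wildcard per distinct parent domain, enough to cover every hostname."""
    return sorted({"*." + h.lower().split(".", 1)[1] for h in hostnames})


# Hostnames taken from the error message in the thread, plus one constructed
# first-level name (api.*) to represent hosts the original wildcard did cover.
HOSTS = [
    "api.cf55.fbdldomain.local",  # constructed for illustration
    "uaa.system.cf55.fbdldomain.local",
    "gf-plan-1-dashboard-8e129cd2-9c62-44d1-5f2e-844d86c421bb.system.cf55.fbdldomain.local",
]
OLD_SANS = ["*.cf55.fbdldomain.local"]
# Assumed content of the recreated certificate ("2 wildcard URLs").
NEW_SANS = ["*.cf55.fbdldomain.local", "*.system.cf55.fbdldomain.local"]

if __name__ == "__main__":
    print("not covered by old cert:", uncovered(OLD_SANS, HOSTS))
    print("not covered by new cert:", uncovered(NEW_SANS, HOSTS))
    print("wildcards needed:", required_wildcards(HOSTS))
```

Running `required_wildcards` over the full list of system and apps hostnames before generating the certificate shows every wildcard entry the SAN list needs.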