Community Home > Discuss > Technology > Network Management > VisualRF communication time out

Network Management

Reply
obi
Contributor II
obi

VisualRF communication time out

‎08-29-2016 03:12 AM

I have new Airwave 8.2.1.1 server running. I tried to enable VisualRF but it does not start. I went to dig some logs and found this kind of errors from /var/log/visualrf/visualrf.log : 

 

2016-08-29 12:59:48,322 ERROR Inventory    com.airwave.svg.AmpInventoryServiceImpl Service [Inventory] is shutting down due to the error[sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2016-08-29 12:59:48,322 ERROR Inventory    com.airwave.svg.AmpInventoryServiceImpl run
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

These are repeating constantly. And rest is non-sense Java log diarrhea. 

 

I suspect this is because I installed our own RapidSSL wildcard certificate on Airwave and this is either failing on wildcard or Java doesn't trust some intermediate CA on RapidSSL chain. I was thinking that I could try to check/insert CA:s to Javas keystore, but where is the keystore file VisualRF Java uses located?

1 person had this problem.
Alert a Moderator
Message 1 of 4
1,239 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: VisualRF communication time out

‎08-29-2016 03:18 AM

Please open a TAC case ASAP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 2 of 4
1,219 Views
Reply
0 Kudos
obi
Contributor II
obi

Re: VisualRF communication time out

‎08-29-2016 03:37 AM

OK, TAC case has been opened

Alert a Moderator
Message 3 of 4
1,208 Views
Reply
0 Kudos
obi
Contributor II
obi

Re: VisualRF communication time out

‎09-06-2016 12:49 AM

We had GotoMeeting session with Aruba support. Problem was that I had installed my custom cert only for Pound revese proxy service and not for Apache. It seems that VisualRF runs on separate process which takes certs from different location than Pound. 

 

Offical installation instructions are here: https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-install-your-own-certificate-on-AMP-versions-7-2-4-and-greater

 

Short simplified version would be, assuming that you import private key and certificate from elsewhere:

- Create dir /var/airwave/custom/ssl-certs/

- Import your private key and certificate as separate files into that dir, name them newcert.crt (certificate) and newcert_private.key (private key)

- Follow KB instructions from step 2

2. Concatenate your certificate and private key into one file, to be used by pound. Add a new line to the end of the certificate to ensure that the two files don't get jumbled together during the concatenation. 

# echo -e "\n" >> /var/airwave/custom/ssl-certs/newcert.crt 
# cat /var/airwave/custom/ssl-certs/newcert.crt /var/airwave/custom/ssl-certs/newcert_private.key > /var/airwave/custom/ssl-certs/pound.crt 

3. Modify the symbolic (soft) links in the default directories to point to your new certificate and private key files: 

# ln -sf /var/airwave/custom/ssl-certs/newcert.crt /etc/httpd/conf/ssl.crt/server.crt 
# ln -sf /var/airwave/custom/ssl-certs/newcert_private.key /etc/httpd/conf/ssl.key/server.key 
# ln -sf /var/airwave/custom/ssl-certs/pound.crt /etc/httpd/conf/ssl.pem 


4. Restart the Apache and pound web servers: 

# ra 
# service pound restart
Alert a Moderator
Message 4 of 4
1,125 Views
Reply
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2018 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Lithium