Hi,
Thanks in advance if anyone could help.
Environment:
vCAC appliance server: VMware-vCAC-Appliance-6.2.0.0-2330392_OVF10.ova
Identity Appliance: SSO installed with VMware-VIMSetup-all-5.5.0-2442328-20150101-update02 (we want to leverage the SSO installed with vCenter as the Identity Appliance, so we didn’t download and install the standalone Identity Appliance)
Deployed and configured the vCAC server following “vrealize-automation-62-installation-and-configuration.pdf” using the Minimal Deployment Method; however, when logging in to the vRealize Automation console webpage (https://vcac.j.k.l/vcac), after providing username/password, we got the following error:
(The error code changes, i.e. it is different every time.)
Checked in VMware vRealize Automation Appliance management, SSO connected successfully.
Looking into /var/log/vcac/catalina.out, we got the following message:
2015-07-01 02:02:09,035 vcac: [component="cafe:shell" priority="WARN" thread="tomcat-http--49" tenant="vsphere.local"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:43 - Untrusted certificate with serial number: [10051561767222306305] and thumbprint: [93:46:75:A5:44:05:09:B2:46:46:C9:5B:52:44:C5:25:CC:EF:92:1E]
2015-07-01 02:02:09,036 vcac: [component="cafe:shell" priority="WARN" thread="tomcat-http--49" tenant="vsphere.local"] com.vmware.vcac.authentication.http.SamlLogoutRequestor.doSendLogoutRequest:107 - Cannot logout principal: [Administrator@VSPHERE.LOCAL] from SSO Server.
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://10.240.252.178/websso/SAML2/SLO/vsphere.local?SAMLRequest=nZJNb9sgGMe%2FisU9YLBxYhS7i5ZWi%2BS1VdP2sEv1GJPEmw0eD8n68eckstTtsMMOSAj4v%2Fwesbx........
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:557)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:517)
...
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted certificate chain.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
Caused by: java.security.cert.CertificateException: Untrusted certificate chain.
at com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted(CafeAbstractTrustManager.java:46)
...
Looking into webpage of , we found the certificate in question is the vCAC server’s certificate (the thumbprint in the log and in the SSL configuration of the VMware vRealize Automation Appliance management webpage is the same):
So, we suspect this exception is caused by SSO not recognizing the vCAC appliance server’s certificate when SSO is trying to authenticate the vCAC server? If yes, how do we add the vCAC appliance’s certificate to the SSO server? If not, any advice on this will be appreciated!
Thanks in advance!
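
The thumbprint comparison described in the post can be scripted. The following is an added example, not part of the original post and not VMware tooling: it pulls the untrusted-certificate warnings out of the log format quoted above and labels each thumbprint against certificates you already hold. The function names, the labels in `KNOWN`, and the stand-in PEM are constructed for illustration.

```python
import base64
import hashlib
import re

# Warning format of CafeAbstractTrustManager as quoted in the post.
UNTRUSTED = re.compile(
    r'^(?P<ts>\S+ \S+) .*tenant="(?P<tenant>[^"]*)".*'
    r'Untrusted certificate with serial number: \[(?P<serial>\d+)\] '
    r'and thumbprint: \[(?P<thumb>[0-9A-Fa-f:]+)\]')
PEM_BLOCK = re.compile(
    r'-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----', re.S)

def pem_thumbprint(pem):
    """SHA-1 over the DER bytes of the first PEM block, as AA:BB:... hex."""
    block = PEM_BLOCK.search(pem)
    if block is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(block.group(1).split()))
    return ":".join(f"{b:02X}" for b in hashlib.sha1(der).digest())

def untrusted_certs(log_text):
    """One dict (ts, tenant, serial, thumb) per untrusted-certificate warning."""
    hits = (UNTRUSTED.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in hits if m]

def attribute(log_text, known):
    """known maps label -> thumbprint; returns (ts, thumbprint, label or None)."""
    by_thumb = {t.upper(): label for label, t in known.items()}
    return [(e["ts"], e["thumb"], by_thumb.get(e["thumb"].upper()))
            for e in untrusted_certs(log_text)]

# First two log lines from the post (second one shortened).
SAMPLE_LOG = '''2015-07-01 02:02:09,035 vcac: [component="cafe:shell" priority="WARN" thread="tomcat-http--49" tenant="vsphere.local"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:43 - Untrusted certificate with serial number: [10051561767222306305] and thumbprint: [93:46:75:A5:44:05:09:B2:46:46:C9:5B:52:44:C5:25:CC:EF:92:1E]
2015-07-01 02:02:09,036 vcac: [component="cafe:shell" priority="WARN" thread="tomcat-http--49" tenant="vsphere.local"] com.vmware.vcac.authentication.http.SamlLogoutRequestor.doSendLogoutRequest:107 - Cannot logout principal
'''
# Constructed stand-in bytes, not a real certificate; use an exported PEM instead.
FAKE_DER = b"constructed stand-in for DER bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")
KNOWN = {
    # Thumbprint the post reports on the appliance's SSL configuration page.
    "vcac-appliance": "93:46:75:A5:44:05:09:B2:46:46:C9:5B:52:44:C5:25:CC:EF:92:1E",
    "sso-constructed": pem_thumbprint(SAMPLE_PEM),
}

if __name__ == "__main__":
    for ts, thumb, label in attribute(SAMPLE_LOG, KNOWN):
        print(ts, thumb, label or "unknown certificate")
```

A `None` label means the rejected certificate is not one of the certificates supplied in `KNOWN`, which is the case worth investigating first.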