Error when trying to require signed SSL certificate on ES node in Console

Issue

Checking the Require signed SSL certificate option in the Node Maintenance page for an ES server added to Console results in a failed status for that node and a Node API SSL certificate error.

This occurs even when the SSL certificate is properly signed and configured on the ES node.

This issue is likely due to the entries included in the certificate, which must include the IP address of the ES server.

  • Operating System: Linux
  • Product: Console 3.0 and above + Enterprise Server

Resolution

1. For your Enterprise Server, obtain another signed certificate with a Subject Alternative Name (SAN) entry. In this entry, include the IP address of the Enterprise Server(s) that the signed certificate is for.

2. On your Console server copy the file /etc/pki/tls/certs/ca-bundle.crt (or your root certificate) to /opt/aspera/console/config/cacert.pem

# cp /etc/pki/tls/certs/ca-bundle.crt /opt/aspera/console/config/cacert.pem

3. Restart Console and ES services

On Console server
# asctl console:restart

On ES server # service asperanoded restart

Related

If you are having SSL certificate verification issues in Faspex, see this Knowledge Base article: Error when trying to enable SSL certificate verification on Faspex node 

Have more questions? Submit a request

1 Comments

  • Avatar
    Jermain am

    @

    Edited by Jermain am
Please sign in to leave a comment.
Powered by Zendesk