Hi,

Is it possible in application server or OD that if the certificate loaded via OD has expired Application server or AAEP will send an alert (ex. email alert)? Same with if web service connection encountered a problem?

In release OD 7.2 the runtime was updated to check for expiring certificates and issue warnings. The warning days are configured in the runtimeconfig web app.

Hi,

can you share the document details regarding this update?

This should be available on support.avaya.com or devconnect the 7.2 Knowledge Transfer. Here are a few slides extracted.

Hi,

Is OD 7.2 compatible with AAEP 7.0.2 and Tomcat 7.0? Or does AAEP need to be upgraded?

I would expect that to work, though I am not sure it is an "tested configuration".

Hi,

encountered below error after loading runtimeconfig.war from OD7.2.

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception
org.apache.jasper.JasperException: Unable to compile class for JSP:

An error occurred at line: 98 in the jsp file: /jsp/certificates.jsp
The method setCertificateWarning(String) is undefined for the type CertificateKeystoreConfig
95: errorMessage = "Certificate warning must be between 30 and 60 days before certificate expires";
96: go = false;
97: } else {
98: certConfig.setCertificateWarning(certWarn);
99: }
100:
101: if (go) {


An error occurred at line: 111 in the jsp file: /jsp/certificates.jsp
The method setExtendedNameCheck(boolean) is undefined for the type CertificateKeystoreConfig
108: session.removeAttribute(KEY_CERT_UTIL);
109: }
110: certConfig.setUseExternalKeystore(useExt);
111: certConfig.setExtendedNameCheck(extendedCheck);
112: try {
113: // save the certificate store.
114: if(certUtil != null) {


An error occurred at line: 234 in the jsp file: /jsp/certificates.jsp
The method getCertificateWarning() is undefined for the type CertificateKeystoreConfig
231: <table>
232: <tr>
233: <td>Number of days to issue warnings and alarms before certficate expires:</td>
234: <td><input name="<%= PARAM_CERTWARN%>" type="text" maxlength="6" size="6" value="<%= Integer.toString(certConfig.getCertificateWarning()) %>"/></td>
235: </tr>
236: <tr>
237: <td>Perform extended hostname validation for certificates:</td>


An error occurred at line: 238 in the jsp file: /jsp/certificates.jsp
The method doExtendedCheck() is undefined for the type CertificateKeystoreConfig
235: </tr>
236: <tr>
237: <td>Perform extended hostname validation for certificates:</td>
238: <td><input name="<%= PARAM_EXTENDEDCHECK%>" type="checkbox" <%=(certConfig.doExtendedCheck()==true?"checked":"")%>/></td>
239: </tr>
240: </table>
241:


An error occurred at line: 271 in the jsp file: /jsp/certificates.jsp
The method getCertificateWarning() is undefined for the type CertificateKeystoreConfig
268:
269: Collections.sort(names, new StringComparator(true));
270: boolean shade = true;
271: int warningDays = certConfig.getCertificateWarning();
272: for(String certName : names) {
273: shade = !shade;
274: Certificate tmp = certUtil.getCertificate(certName);


Stacktrace:
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:331)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:457)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:378)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

Did you also update the scertcommon jar?

Hi,

The old scertcommon jar was still on the folder, was able to access certificate after I removed it. My issue now is that I cannot verify the licensing server. it gives the error "License Url is invalid, or server is not up"

Hi Ross,

Will OD still generate an alarm if Certificate is already expired? I was able to configure OD7.2 but no alarm is log in AAEP, we have an expired certificate on the app server for testing

First I would check the runtimeconfig settings to see what the "number of days" is set to. But yes I would expect an already expired cert to cause an alarm. Note this check in only once a day and the certificate needs to be in the certificate store (jks) OD is using. Visually OD will display a message in the runtime config as well at the report. Note for the alarm to be generated at LEAST one call must be initiated.

what are you entering for the url? it should be only http://host:port

Hi Ross,

For the license error, it is an external weblm and I use the detail: https://<ip address>:52233. While for the certificate warning, It set the Number of days to issue warnings and alarms before certficate expires:30 and conducted test call. But No alarm was log in AAEP

What do you see on the runtimeconfig certificates page?

Hi Ross,

I have Attached a screenshot of the certificate page. Also, license is already working, but found this error when I try to validate one of the applications: Cached WebLM URL /WebLM/LicenseServer
The WebLM URL configured in the DD Admin does not match the Cached WebLM URL used by DD applications in the runtime environment. You may need to restart the app server.