Support Policy      Security Notices
  1. DataStax Support
  2. DataStax OpsCenter
  3. General

OpsCenter webserver with HTTPS enabled not starting for releases 6.0.0 - 6.0.2

Follow

Summary

For OpsCenter releases 6.0.0 to 6.0.2, the OpsCenter webserver might not startup correctly if using HTTPs with SSL certificates with CA chains.

Symptoms

SSL certificates that contain a chain may give the following error in the opscenterd.log file and the webserver would fail to start, although the opscenterd process would still be running:

2016-08-10 12:40:32,622 [opscenterd] ERROR: Unable to start up the OpsCenter webserver. (MainThread) 
2016-08-10 12:40:32,640 [opscenterd] ERROR: Traceback (most recent call last): 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 111, in setupWebServer 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/WebServer.py", line 108, in makeWebServer 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/SslUtils.py", line 24, in make_ssl_context_factory 
File "/usr/share/opscenter/lib/py/twisted/internet/legacy_ssl.py", line 1133, in __init__ 
self.cacheContext() 
File "/usr/share/opscenter/lib/py/twisted/internet/legacy_ssl.py", line 1142, in cacheContext 
ctx.load_cert_chain(self.certificateFileName, keyfile=self.privateKeyFileName) # Automatically checks against private key 
File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/ssl.py", line 1035, in load_cert_chain 
self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store) 
File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/ssl.py", line 1035, in load_cert_chain 
self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store) 
File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 136, in _get_openssl_key_manager 
raise SSLError(SSL_ERROR_SSL, "key values mismatch") 
SSLError: [Errno 1] key values mismatch 
(MainThread) 
2016-08-10 12:40:32,642 [opscenterd] ERROR: There was an error starting the OpsCenterd process: Traceback (most recent call last): 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 49, in startService 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 123, in setupWebServer 
NameError: global name 'System' is not defined 
(MainThread)

Cause

Post 6.0.x OpsCenter saw a migration of the opscenterd codebase to jython. There was a upstream bug identified in jython where SSL certificates are handled for which a patch was issued. This patch was not ported into OpsCenter at the time.

This is outlined in the following internal Jira:

OPSC-9999 - Opscenterd will not start up with HTTPs SSL certificates that use intermediate certificates

Solution

Upgrading to OpsCenter 6.0.3 will ensure the latest patch is included to resolve the issue.

Created: 2016-10-12 10:49:14 UTC
Last Update: 2018-10-26 16:55:20 UTC

Related articles

Comments

0 comments

Please sign in to leave a comment.