Support Policy      Security Notices
  1. DataStax Support
  2. DataStax OpsCenter
  3. General

OpsCenter webserver with HTTPS enabled not starting for releases 6.0.0 - 6.0.2

Follow

Summary

For OpsCenter releases 6.0.0 to 6.0.2, the OpsCenter webserver might not startup correctly if using HTTPs with SSL certificates with CA chains.

Symptoms

SSL certificates that contain a chain may give the following error in the opscenterd.log file and the webserver would fail to start, although the opscenterd process would still be running:

2016-08-10 12:40:32,622 [opscenterd] ERROR: Unable to start up the OpsCenter webserver. (MainThread) 
2016-08-10 12:40:32,640 [opscenterd] ERROR: Traceback (most recent call last): 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 111, in setupWebServer 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/WebServer.py", line 108, in makeWebServer 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/SslUtils.py", line 24, in make_ssl_context_factory 
File "/usr/share/opscenter/lib/py/twisted/internet/legacy_ssl.py", line 1133, in __init__ 
self.cacheContext() 
File "/usr/share/opscenter/lib/py/twisted/internet/legacy_ssl.py", line 1142, in cacheContext 
ctx.load_cert_chain(self.certificateFileName, keyfile=self.privateKeyFileName) # Automatically checks against private key 
File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/ssl.py", line 1035, in load_cert_chain 
self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store) 
File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/ssl.py", line 1035, in load_cert_chain 
self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store) 
File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 136, in _get_openssl_key_manager 
raise SSLError(SSL_ERROR_SSL, "key values mismatch") 
SSLError: [Errno 1] key values mismatch 
(MainThread) 
2016-08-10 12:40:32,642 [opscenterd] ERROR: There was an error starting the OpsCenterd process: Traceback (most recent call last): 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 49, in startService 
File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 123, in setupWebServer 
NameError: global name 'System' is not defined 
(MainThread)

Cause

Post 6.0.x OpsCenter saw a migration of the opscenterd codebase to jython. There was a upstream bug identified in jython where SSL certificates are handled for which a patch was issued. This patch was not ported into OpsCenter at the time.

This is outlined in the following internal Jira:

OPSC-9999 - Opscenterd will not start up with HTTPs SSL certificates that use intermediate certificates

Solution

Upgrading to OpsCenter 6.0.3 will ensure the latest patch is included to resolve the issue.

Mark Curtis
Created: 2016-10-12 10:49:14 UTC
Last Update: 2017-07-14 23:53:03 UTC

Related articles

Comments

0 comments

Please sign in to leave a comment.