Troubleshooting
Problem
In the CP4S Cases application, the error "Unable to create an App Host pairing. The App Host is unreachable." is displayed, with no further information on why it occurred or how to resolve it.
Symptom
Navigate to Application Settings > Case Management > Permissions and access then click Apps. Click Add+ under App Hosts then enter the name and description of the App Host to generate the pairing information. The error shows after the Create button is clicked as shown in the image:
Cause
This issue is a result of cert-manager no longer adding the commonName to the Subject Alternative Name (SAN) list of the certificate, which is a known issue in CP4S 1.7.2 and 1.8.0.
Diagnosing The Problem
Logs for this issue can be viewed with the following command:
oc logs isc-cases-application-<pod id> -c cases-application-client-log-tailer | grep Certificate
The example log shows the error that is generated from this pod:
{"level":"error","thread":"http-nio-9443-exec-7",
"logger":"com.co3.web.servlet.ProxiedServiceServlet",
"message":"Error while proxying request GET:/services_proxy/manager/tenants/441bf930-f76c-4f4a-96a0-9e5f9c0e6a55/apps",
"context":"default",
"exception":"javax.net.ssl.SSLPeerUnverifiedException:
Certificate for <isc-app-manager> doesn't match any of the subject alternative names: [isc-app-manager.cp4s.svc.cluster.local]\n\t
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)\n\t
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)\n\t
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)\n\t
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)\n\t
at ......etc.
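The following Python script is an added example, not part of the original document or of the product: it pulls this error out of JSON log lines and lists the in-cluster service names that the certificate's subject alternative names do not cover. The function names and the one-line sample record are constructed for illustration, and the script assumes the SAN has the form <service>.<namespace>.svc.cluster.local.

```python
import json
import re

# Message text written by the hostname check seen in the stack trace above.
MISMATCH = re.compile(
    r"Certificate for <(?P<host>[^>]+)> doesn't match any of the "
    r"subject alternative names: \[(?P<sans>[^\]]*)\]")

def san_matches(host, san):
    """Case-insensitive match; a wildcard counts only as the whole left-most label."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def service_names(fqdn):
    """Names a client may use for <svc>.<ns>.svc.cluster.local (assumed suffix)."""
    svc, ns = fqdn.split(".")[:2]
    return [svc, f"{svc}.{ns}", f"{svc}.{ns}.svc", fqdn]

def diagnose(log_lines):
    """Return one finding per SAN-mismatch error found in JSON log lines."""
    findings = []
    for line in log_lines:
        try:
            text = str(json.loads(line).get("exception", ""))
        except (ValueError, AttributeError):
            continue  # not a JSON object, so not one of these log records
        m = MISMATCH.search(text)
        if not m:
            continue
        sans = [s.strip() for s in m["sans"].split(",") if s.strip()]
        wanted = [n for s in sans if s.endswith(".svc.cluster.local")
                  and not s.startswith("*") for n in service_names(s)]
        findings.append({
            "host": m["host"],
            "sans": sans,
            "covered": any(san_matches(m["host"], s) for s in sans),
            "missing_dns_names": [n for n in wanted
                                  if not any(san_matches(n, s) for s in sans)],
        })
    return findings

# Constructed sample: the error shown above, collapsed into one JSON record.
SAMPLE = [json.dumps({"exception":
    "javax.net.ssl.SSLPeerUnverifiedException: Certificate for <isc-app-manager> doesn't match "
    "any of the subject alternative names: [isc-app-manager.cp4s.svc.cluster.local]"})]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the sample record, the names reported as missing are the host the client requested plus its two intermediate forms, which together with the existing SAN make up the full set of in-cluster names for the service.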
Resolving The Problem
SOLUTION 1:
The app manager entry in the soar-postgres-svc database has to be updated to resolve this issue. Connect to the database and update the entry as described in the following steps.
The steps provided are performed with a terminal that has the oc client and the psql command.
- Get the soar-postgres-svc database password:
oc get secret isc-cases-db-passwords --template='{{.data.mondbo_password}}' | base64 --decode
- Open a port forward connection to the database service:
oc port-forward svc/soar-postgres-svc 65432:5432 -n <cp4s namespace>
- In a new terminal, connect with psql and enter the password from step 1 when prompted:
psql -h localhost -p 65432 -U mondbo -d co3
- Update the app manager entry in the database:
UPDATE monapp.proxied_services SET ps_url = 'https://isc-app-manager.cp4s.svc.cluster.local:8082' WHERE ps_name = 'manager';
- Refresh the UI and the error no longer appears.
SOLUTION 2:
Basic knowledge of using the vi editor tool is required for the following steps.
- Log in to the cluster command-line interface as an admin.
- To switch to the required namespace, run the command:
oc project <--CP4S-NAMESPACE-->
Replace <--CP4S-NAMESPACE--> with the namespace that Cloud Pak for Security is located under.
- Open the yaml for the cert/app-manager-cert resource for editing:
oc edit cert/app-manager-cert
- In the editor, navigate to the following section of the text.
spec:
  commonName: isc-app-manager
  dnsNames:
  - isc-app-manager.cp4s.svc.cluster.local
- Add the extra dnsNames entries so that the section appears exactly as follows.
spec:
  commonName: isc-app-manager
  dnsNames:
  - isc-app-manager
  - isc-app-manager.cp4s
  - isc-app-manager.cp4s.svc
  - isc-app-manager.cp4s.svc.cluster.local
- Save and exit the text editor. If the changes are correct, then the edited message is presented:
certificate.cert-manager.io/app-manager-cert edited
- Allow a minute or two for the isc-app-manager pod to restart.
- Check the pod until it has the status 1/1 Running:
oc get pods | grep isc-app
- Once the pod is running, log in to the Cloud Pak for Security web console and check your App Hosts.
Document Location
Worldwide
Document Information
Modified date:
01 February 2023
UID
ibm16561655