
I recently upgraded DSE to 5.X and OpsCenter to 6.0. Everything works great, except that OpsCenter fails to start if I enable HTTPS using our own wildcard certificates. I have a .pem file with the cert chain and a .key file with the password removed. The same setup works perfectly with OpsCenter 5.2.4, but with 6.0 I get the error below:

```
[opscenterd] ERROR: Traceback (most recent call last):
  File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 111, in setupWebServer
  File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/WebServer.py", line 108, in makeWebServer
  File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/SslUtils.py", line 24, in make_ssl_context_factory
  File "/usr/share/opscenter/lib/py/twisted/internet/legacy_ssl.py", line 1133, in __init__
    self.cacheContext()
  File "/usr/share/opscenter/lib/py/twisted/internet/legacy_ssl.py", line 1142, in cacheContext
    ctx.load_cert_chain(self.certificateFileName, keyfile=self.privateKeyFileName)  # Automatically checks against private key
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/ssl.py", line 1035, in load_cert_chain
    self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/ssl.py", line 1035, in load_cert_chain
    self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 113, in _get_openssl_key_manager
    _certs, _private_key = _extract_certs_for_paths([cert_file], password)
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 211, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 230, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 246, in _read_pem_cert_from_data
    for br in _extract_readers(f):
  File "/usr/share/opscenter/lib/jvm/jython-standalone-2.7.0.3.jar/Lib/_sslcerts.py", line 94, in _extract_readers
    raise SSLError(SSL_ERROR_SSL, "PEM lib (no start line or not enough data)")
SSLError: [Errno 1] PEM lib (no start line or not enough data)
 (MainThread)
[opscenterd] ERROR: There was an error starting the OpsCenterd process: Traceback (most recent call last):
  File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 49, in startService
  File "/usr/share/opscenter/jython/Lib/site-packages/opscenterd/OpsCenterdService.py", line 123, in setupWebServer
NameError: global name 'System' is not defined
 (MainThread)
```

Note that OpsCenter starts if I use the default certificate and key included in the installation.

Thanks for help! Michael

Scott Bale
  • Finally managed to fix all the post-upgrade issues and OpsCenter is up and running. The error posted above was because the pem file had Windows line endings in it, so user error. – user5467828 Jul 27 '16 at 01:48
  • A few other things we ran into: 1. ssl_port in the opscenterd.conf file must be above 1023 because OpsCenter 6.0 runs under opscenter rather than the root. 2. If using your own certificates, make sure that there is only one certificate in the pem file; don't include the whole chain as suggested in this [guide](https://docs.datastax.com/en/opscenter/6.0/opsc/configure/opscConfiguringEnablingHttps_t.html), otherwise you get a "key mismatch" error. A bug is logged for this [issue](https://github.com/jythontools/jython/issues/44) – user5467828 Jul 27 '16 at 02:02
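
A pre-flight check for the two PEM problems reported in the comments above (Windows line endings, and more than one certificate in the file), written as an added example that is not part of the original thread and not OpsCenter or Jython code. It also flags unbalanced BEGIN/END markers, which goes beyond what the thread describes; `check_pem`, `to_lf` and `sample` are hypothetical names, and the sample data is constructed.

```python
import re

BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
END = re.compile(rb"-----END ([A-Z0-9 ]+)-----")

def check_pem(data):
    """Return (block_labels, problems) for the raw bytes of a PEM file."""
    problems, labels, open_label = [], [], None
    if b"\r" in data:
        problems.append("CR/CRLF line endings (convert to LF)")
    # bytes.splitlines() accepts \n, \r\n and \r, so the block structure can
    # still be inspected when the line endings are wrong.
    for n, line in enumerate(data.splitlines(), 1):
        line = line.strip()
        begin, end = BEGIN.fullmatch(line), END.fullmatch(line)
        if begin:
            if open_label:
                problems.append("line %d: BEGIN inside an open block" % n)
            open_label = begin.group(1)
        elif end:
            if end.group(1) != open_label:
                problems.append("line %d: END without matching BEGIN" % n)
            else:
                labels.append(open_label.decode())
            open_label = None
    if open_label:
        problems.append("unterminated %s block" % open_label.decode())
    certs = labels.count("CERTIFICATE")
    if certs == 0:
        problems.append("no complete CERTIFICATE block")
    elif certs > 1:
        # Per the comment above, a chain gave "key mismatch" on OpsCenter 6.0.
        problems.append("%d certificates in one file (chain)" % certs)
    return labels, problems

def to_lf(data):
    """Normalise CRLF and bare CR line endings to LF."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")

# Constructed sample input: the body is placeholder base64, not a real certificate.
def sample(label=b"CERTIFICATE", eol=b"\n"):
    lines = [b"-----BEGIN " + label + b"-----", b"Q09OU1RSVUNURUQ=",
             b"-----END " + label + b"-----", b""]
    return eol.join(lines)

if __name__ == "__main__":
    for name, data in [("crlf", sample(eol=b"\r\n")), ("chain", sample() * 2)]:
        print(name, check_pem(data))
```

Run `check_pem` on the raw bytes of the certificate file (opened in binary mode) before pointing opscenterd.conf at it; `to_lf` produces the corrected bytes when line endings are the only finding.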
