CloudBlue Technical Support

Symptoms

During the provisioning of APS application, several tasks failed with the following errors:

    Provisioning "globals" for APS application sfr_cnbsoap

    Internal error:
    500 Internal Error
    [ApplicationUnknownError] Unauthorized access. Saved controller certificate and received are different. (Instance ID: <Instance_ID>).

    Body: {
    "code": 500,
    "type": "Exception",
    "message": "Unauthorized access. Saved controller certificate and received are different. (Instance ID: <Instance_ID>)",
    "stacktrace":
    [
    "#0 /usr/share/aps/php/aps/2/runtime.php(351): APS\\Loader->handleHttpRequest()",
    "#1 /usr/share/aps/php/aps/2/runtime.php(363): APS\\Loader->process()",
    "#2 [internal function]: APS\\Loader->__destruct()",
    "#3 {main}"
    ],
    "error": "ApplicationUnknownError"

Or with the following error message:

    500 Internal Error
    [ApplicationUnknownError] SSL client certificate is not found in the request.

    Body: {
    "code": 500,
    "type": "Exception",
    "message": "SSL client certificate is not found in the request. ",
    "error": "ApplicationUnknownError"
    }

Application certificate with correct CN was generated for Application on endpoint.

Cause

This issue caused by incorrect Apache SSL settings on the endpoint. APS controller certificate controller.pem does not have CA and it is correct, but SSLVerifyClient is required on endpoint host:

    # grep SSLVerifyClient /etc/httpd/conf.d/ssl.conf
    SSLVerifyClient required

Resolution

In order to resolve this issue perfrom the following steps:

1. Change value for SSLVerifyClient from required to optional_no_ca in /etc/httpd/conf.d/ssl.conf configuration file on Application endpoint:

   # grep SSLVerifyClient /etc/httpd/conf.d/ssl.conf
   SSLVerifyClient optional_no_ca
   

2. Save changes and restart the apache service:

   # service httpd restart
   

3. Resubmit failed tasks.

Internal content