Symptoms
During the provisioning of APS application, several tasks failed with the following errors:
Provisioning "globals" for APS application sfr_cnbsoap
Internal error:
500 Internal Error
[ApplicationUnknownError] Unauthorized access. Saved controller certificate and received are different. (Instance ID: <Instance_ID>).
Body: {
"code": 500,
"type": "Exception",
"message": "Unauthorized access. Saved controller certificate and received are different. (Instance ID: <Instance_ID>)",
"stacktrace":
[
"#0 /usr/share/aps/php/aps/2/runtime.php(351): APS\\Loader->handleHttpRequest()",
"#1 /usr/share/aps/php/aps/2/runtime.php(363): APS\\Loader->process()",
"#2 [internal function]: APS\\Loader->__destruct()",
"#3 {main}"
],
"error": "ApplicationUnknownError"
Or with the following error message:
500 Internal Error
[ApplicationUnknownError] SSL client certificate is not found in the request.
Body: {
"code": 500,
"type": "Exception",
"message": "SSL client certificate is not found in the request. ",
"error": "ApplicationUnknownError"
}
Application certificate with correct CN was generated for Application on endpoint.
Cause
This issue caused by incorrect Apache SSL settings on the endpoint. APS controller certificate controller.pem
does not have CA and it is correct, but SSLVerifyClient
is required on endpoint host:
# grep SSLVerifyClient /etc/httpd/conf.d/ssl.conf
SSLVerifyClient required
Resolution
In order to resolve this issue perfrom the following steps:
Change value for
SSLVerifyClient
fromrequired
tooptional_no_ca
in/etc/httpd/conf.d/ssl.conf
configuration file on Application endpoint:# grep SSLVerifyClient /etc/httpd/conf.d/ssl.conf SSLVerifyClient optional_no_ca
Save changes and restart the apache service:
# service httpd restart
- Resubmit failed tasks.