http: TLS handshake error

[nyxneuf]

v2.3.15

[Case#1]

config.toml

monitoring-ssl-cert = "/app/mrm/etc/tls/server.crt" monitoring-ssl-key = "/app/mrm/etc/tls/server.key"

[systemctl Log]

[Case#2]

config.toml

#monitoring-ssl-cert = "/app/mrm/etc/tls/server.crt" #monitoring-ssl-key = "/app/mrm/etc/tls/server.key"

[Log]

time="2024-01-25 10:48:49" level=info msg="No TLS certificate provided using generated key (/tmp/key.pem1148883779) and certificate (/tmp/cert.pem3623622479)" time="2024-01-25 10:48:49" level=info msg="Starting HTTP & JWT API on 0.0.0.0:10005" time="2024-01-25 10:48:49" level=info msg="starting multiplexed TLS HTTP/2.0 and HTTP/1.1 Gateway server: 0.0.0.0:10005"

==============

If you set monitoring-ssl-cert and monitoring-ssl-key, http: TLS handshake error continues to be printed. What's the problem?

[caffeinated92]

You need to clear the browser cache. Sometimes it still save the old cached files. And refresh the page again.

Are you still having the same tls handshake error?

[svaroqui]

Yes those are other very short TTL certificate for JWT they expire with timeout or if replication-manager is restarted because the browser still polling the server it come back with a bad JWT token and in result we get that error according to some dev it can not be fixed the way it work with rpc

[svaroqui]

Hello nyxneuf Can you please provide your full config without password to try to reproduce and the log when you start with tls enabled

[nyxneuf]

OS : Rocky Linux 8.9 x86_64 SRM : v.2.3.15 cluster1.toml.txt config.toml.txt os_messages.txt replication-manager.log

It doesn't seem to be a problem with v.2.3. A tls error occurs in all versions.

[ahfa92]

Usually this is a general error when the browser cached the old file. You just need to clear the browser cache and refresh when you restarted the SRM.

Can you give us the sample or description of the certificate i.e. wildcard, domain or else?