Configuring: SSL load balancer and terminate SSL at LB before accessing Release Automation

Document ID : KB000005796
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

A scenario where we want to disable access to Release Automation port 8080 and selected design we opted is to implement below.

1: Hide Release Automation Data Management Servers behind Load balancer running on Secure Port

2: Configure Load balancer over the secure port of Data Management Servers

With above configuration in place you will observe below.

 

  • You will be able to access Release Operation Center User Interface seamless via LB
  • When you are launching ASAP Studio via asap.jnlp you will find below errors in java console(at client end).

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

Environment:
Release Automation Version 6.1 and higher
Cause:

The reason for above where ASAP fail to render over SSL is because it was missing configuration require to secure UI communication.

Resolution:

Please follow step below.

  1. Export the public key of HAProxy into a cert.
  2. Go to document link(respective to RA version)  and follow step 3-8 (under section "Secure UI communication")
  3. Restart the NAC server and try launching asap.

 

Document Links 

Release Version
6.1https://docops.ca.com/ca-release-automation/6-1/en/installation/ca-release-automation-communications-security/secure-communications 
6.2https://docops.ca.com/ca-release-automation/6-2/en/installation/ca-release-automation-communications-security/secure-communications 
6.3https://docops.ca.com/ca-release-automation/6-3/en/installation/ca-release-automation-communications-security/secure-communications