This post is more than 5 years old
1 Rookie
•
32 Posts
0
5828
December 14th, 2017 06:00
ScaleIO Login API error
Hi there,
I am using following api to login to ScaleIO version 2.0.13000.211 - /api/login
But instead of returning the authentication key, it returns "certificate not trusted"
{"message":"","httpStatusCode":428,"errorCode":0,"certificate":{"Serial Number":"1","Subject":"OU=ASD, O=EMC, C=US, ST=Massachusetts, L=Hopkinton, CN=ScaleIO-123-123-123-123, GIVENNAME=MDM","Signature Algorithm":"SHA1withRSA","Signature":"[B@5fbb1d1a","Issuer":"OU=ASD, O=EMC, C=US, ST=Massachusetts, L=Hopkinton, CN=ScaleIO-123-123-123-123, GIVENNAME=MDM","Valid-From":"Wed Nov 29 17:46:03 UTC 2017","Valid-To":"Sun Nov 28 18:46:03 UTC 2027","Key-Usage":"Not Available","Public Key":"[B@512953b3","Thumbprint Algorithm":"SHA-1","Thumbprint":"c4 0b 34 rt 61 e4 bc 2a 01 81 a5 0b 41 9a 5b 05 fd cd 76 0e "},"typeOfError":"SERVER_CERTIFICATE_NOT_TRUSTED"}
What does this mean and how can it be fixed? Does this mean that API is not supported?
Thank you,
RItu
PS. Information changed in response.
andyinv
37 Posts
0
December 14th, 2017 07:00
two options: one is to use the insecure option for CURL
-k, --insecure (SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.
The other is to get a properly signed and trusted certificate (preferably with your own PKI) into ScaleIO, so you can trust it.
ritu86jain
1 Rookie
•
32 Posts
0
December 14th, 2017 07:00
Thank you for a quick response dstratton
Where can we find "localhost_access_log.log" ? This is customers environment, so it may take some time to try above things.
andyinv
37 Posts
0
December 14th, 2017 07:00
It's not an issue you'll see in server-side logs - it's the fact you don't have a trusted certificate in place. The documentation explains the process for creating your own keystore and placing your certificate in it.
dstratton
33 Posts
1
December 14th, 2017 07:00
please try to login to the IM Web GUI and connect to the MDM from the Maintain Tab.
If displays a certificate warning, you should be able to add it to the gateway's keystore.
Im wondering what the "localhost_access_log.log" shows
can we try the CURL command below?
curl -k -v --basic --user admin: https:// /api/login
Im also wondering if when you try the CURL command using the gateway with which you installed the ScaleIO system,
if your able to get a key(token) in the HTTP response.
basically seen this in an instance from https://community.emc.com/message/992052?et=watches.email.thread#992052
ArtyomM
1 Message
0
June 4th, 2019 01:00
Hi,
I'm using ScaleIO 3.0 and stuck with this stupid HTTP 428 reply. Nothing helped.
I read and read documentation and then tried https:// /api/gatewayLogin and it worked, it returned the token!
So documentation is misleading. Use 'gatewayLogin' instead of 'login' at the end of URL !
Flo_csI
2 Intern
•
167 Posts
0
July 8th, 2020 02:00
Hi @ArtyomM,
I got the same issue and with "security.bypass_certificate_check" is set to true in the file : /opt/emc/scaleio/gateway/webapps/ROOT/WEB-INF/classes/gatewayUser.properties
HTH