4 Replies Latest reply: Dec 14, 2017 7:04 AM by Andyinv2 RSS

ScaleIO Login API error

ritujain

Hi there,


I am using following api to login to ScaleIO version 2.0.13000.211 - /api/login

But instead of returning the authentication key, it returns "certificate not trusted"

 

{"message":"","httpStatusCode":428,"errorCode":0,"certificate":{"Serial Number":"1","Subject":"OU=ASD, O=EMC, C=US, ST=Massachusetts, L=Hopkinton, CN=ScaleIO-123-123-123-123, GIVENNAME=MDM","Signature Algorithm":"SHA1withRSA","Signature":"[B@5fbb1d1a","Issuer":"OU=ASD, O=EMC, C=US, ST=Massachusetts, L=Hopkinton, CN=ScaleIO-123-123-123-123, GIVENNAME=MDM","Valid-From":"Wed Nov 29 17:46:03 UTC 2017","Valid-To":"Sun Nov 28 18:46:03 UTC 2027","Key-Usage":"Not Available","Public Key":"[B@512953b3","Thumbprint Algorithm":"SHA-1","Thumbprint":"c4 0b 34 rt 61 e4 bc 2a 01 81 a5 0b 41 9a 5b 05 fd cd 76 0e "},"typeOfError":"SERVER_CERTIFICATE_NOT_TRUSTED"}



What does this mean and how can it be fixed? Does this mean that API is not supported?

 

 

 

Thank you,

RItu

 

PS. Information changed in response.

  • 1. Re: ScaleIO Login API error
    dstratton

    please try to login to the IM Web GUI and connect to the MDM from the Maintain Tab.

    If displays a certificate warning, you should be able to add it to the gateway's keystore.

     

    Im wondering what the "localhost_access_log.log" shows

     

    can we try the CURL command below?

    curl -k -v --basic --user admin:<PASSWORD> https://<GATEWAY IP>/api/login

     

    Im also wondering  if when you try the CURL command using the gateway with which you installed the ScaleIO system,

    if your able to get a key(token) in the HTTP response.

     

    basically seen this in an instance from https://community.emc.com/message/992052?et=watches.email.thread#992052

  • 2. Re: ScaleIO Login API error
    Andyinv2

    two options: one is to use the insecure option for CURL

     

    -k, --insecure (SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.


    The other is to get a properly signed and trusted certificate (preferably with your own PKI) into ScaleIO, so you can trust it.

  • 3. Re: ScaleIO Login API error
    ritujain

    Thank you for a quick response dstratton

     

    Where can we find "localhost_access_log.log" ? This is customers environment, so it may take some time to try above things.

  • 4. Re: ScaleIO Login API error
    Andyinv2

    It's not an issue you'll see in server-side logs - it's the fact you don't have a trusted certificate in place. The documentation explains the process for creating your own keystore and placing your certificate in it.