We moved this page to our Documentation Portal. You can find the latest updates here. |
Issue
When you try to log in to OnApp under the admin account protected with Yubikey, you get the following error: "Service is temporarily unavailable and Invalid Yubikey."
Resolution
To resolve the issue, you need to update the certificate chain.
For OnApp 5.0 =< OnApp < 5.5
1. Go to YubiKey Authentication page to download the chain.pem file to CP.
2. Change the owner of the patched .pem file
# chown root:root #pem_file_location#
3. Locate and backup current chain.pem file (OnApp version 5.0 example):
# find /usr/lib*/ruby -name \*chain.pem
/usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem
# cp -av /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem.bak
4. Put into place new chain.pem file
# cp -av #pem_file_location# /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem
5. Restart OnApp Control Panel services: onapp, httpd
For OnApp 5.5 =< versions < 6.1
1. Run the following command:
# yum update rubygem-yubikey
2. Restart OnApp Control Panel services: onapp, httpd.
For OnApp versions 6.1
1. Run the following command:
# yum update rubygem-onapp-core
2. Restart OnApp Control Panel services: onapp, httpd.
For OnApp versions 6.2 (including 6.2 Patch 1)
1. Go to YubiKey Authentication page to download the chain.pem file to CP.
2. Change the owner of the patched .pem file
# chown root:root #pem_file_location#
3. Locate and backup current chain.pem file (OnApp version 5.0 example):
# find /usr/lib*/ruby -name \*chain.pem
/usr/lib64/ruby/gems/2.5.0/gems/yubikey-1.4.1/lib/cert/chain.pem
/usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem
# cp -av /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem.bak
4. Put into place new chain.pem file
# cp -av #pem_file_location# /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem
5. Restart OnApp Control Panel services: onapp, httpd
Cause
Expired certificate inside `Yubikey` gem.