Certificate error on app deployment

If you upgraded from IBM Cloud Pak for Security V1.3.0, or if you are using your own certificates that do not have extendedKeyUsage set correctly, you might experience this problem.

Symptoms

Edge Gateway is paired and you attempt to deploy an app with a certificate file generated from the application and referenced in the app.config file as default. When you deploy your app, you see the following error in the app log file:

Unable to lock /opt/app-root/src/.resilient/resilient_circuits_lockfile: HTTPSConnectionPool(host='cases-
rest.cp4s55.ite1.isc.ibmcloudsecurity.com', port=443): Max retries exceeded with url: /rest/session (Caused by 
SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Causes

This can occur if you are using your own certificates and do not have extendedKeyUsage set correctly.

Resolving the problem

  1. Use the following commands to regenerate the certificates for the cases-rest and cases-stomp routes and the CA:
    oc delete secret isc-cases-rest-default-cert
oc delete secret isc-cases-rest-default-stomp
oc delete secret isc-cases-ca-default-cert

    This causes the operator to generate new certificates for these routes on its next reconciliation loop.

  2. Reinstall your app, and the correct certificates are added to the app deployment.