Wiki Admin

Error - F_JG2194 Remote Certificate Does Not Match Required Certificate

Export as HTML Export as PDF Export as DOCX
Edit

Documentation: Error - F_JG2194 Remote Certificate Does Not Match Required Certificate

Error: F_JG2194: Remote Certificate Does Not Match Required Certificate

Issue

The following error occurs when multiple DSS Agent machines are configured to connect to the same location (e.g., when used in a cluster such as Oracle RAC or redundancy/failover):

F_JG2194: Remote certificate does not match required certificate.

Environment

  • DSS 6
  • Multiple DSS Agent machines connecting to same location (e.g., Oracle RAC)

Resolution

To resolve this issue, do the following:

  1. Copy the DSS Agent configuration files (dssagent.user and dssagent.conf available in DSS_CONFIG/etc directory) from one agent machine (or primary RAC node) to the rest of the agent machines (or nodes). This ensures that the agent property Agent_Server_Public_Certificate across all agent machines (or RAC nodes) is the same.
  2. (optional) If a connection to an agent machine (or RAC node) was already established when this error occurred, unset the location property Agent_Server_Public_Certificate from the UI (by editing the location's properties) or the CLI using the command dsslocationconfig:
    dsslocationconfig <em>hubname</em> <em>locationname</em> Agent_Server_Public_Certificate=

Cause

This issue occurs because the public certificate of the DSS Agent stored in the hub repository (location property Agent_Server_Public_Certificate) does not match with the agent machine (or Oracle RAC node) to which the DSS hub is establishing a connection. For more information about DSS Agent connection, see section Agent Connection.

When the DSS hub connects to the agent for the first time, it copies the agent server public certificate from the agent property Agent_Server_Public_Certificate to the location property Agent_Server_Public_Certificate (stored in the repository database). By default, every agent machine has a unique public certificate.

In scenarios with multiple agent machines, when a connection between the DSS hub and a agent machine is being established, the DSS hub uses the value in the location property Agent_Server_Public_Certificate (stored in the repository database) to validate the agent machine, regardless of the specific agent machine to which it connects. Therefore, it is required to have the same public certificate in all agent machines to establish a successful connection.