MOSIP 1.2.0.1-B3 partner onboard issue

Hi again
I have deployed the partner-onboarder module with the following values.yml configuration file. (just default)

onboarding:
  modules:
    - name: ida
      enabled: true
    - name: print
      enabled: true
    - name: abis
      enabled: true
    - name: resident
      enabled: true
    - name: mobileid
      enabled: true
    - name: digitalcard
      enabled: false
    - name: esignet
      enabled: false
    - name: demo-oidc
      enabled: false
    - name: resident-oidc
      enabled: false
    - name: mimoto-keybinding
      enabled: true

After the pod starts, I checked the pod logs and the generated reports, and it seems to be related to certificate downloading issues. Below is an excerpt from one of the pod logs and the report.
How should I address this problem? I chose the option “I don’t have public domain & valid SSL certificate.” Are there any prerequisites or steps I should take before proceeding?

Onboarding default partners
KEYCLOAK_CLIENT = mosip-deployment-client
 KEYCLOAK ADMIN USER : admin
URL : https://api-internal.sandbox.miaxis.com and https://api.sandbox.miaxis.com
Uploading mpartner-default-abis cert
newman

onboarding Copy

❏ cert_download
↳ authenticate-as-cert-manager
  POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
     self-signed certificate

┌─────────────────────────┬──────────┬──────────┐
│                         │ executed │   failed │
├─────────────────────────┼──────────┼──────────┤
│              iterations │        1 │        0 │
├─────────────────────────┼──────────┼──────────┤
│                requests │        1 │        1 │
├─────────────────────────┼──────────┼──────────┤
│            test-scripts │        0 │        0 │
├─────────────────────────┼──────────┼──────────┤
│      prerequest-scripts │        2 │        0 │
├─────────────────────────┼──────────┼──────────┤
│              assertions │        0 │        0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 7.3s                      │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx)              │
└───────────────────────────────────────────────┘

  #  failure  detail                                                
                                                                    
 1.  Error                                                          
              self-signed certificate                               
              at request                                            
              inside "cert_download / authenticate-as-cert-manager" 

Do I need to upload the certificates in advance? It seems like there wasn’t any step during the deployment process that required me to upload certificates. Also, my certificates are self-signed. Can I use them?

Hey @ryan

Regarding the certificate upload while partner onboarding , I have asked my team member to check whether the self-signed certificates can be used or not ,so our team will get back to you on this asap.

Best Regards,
Team MOSIP

Here is the complete pod log for the pod " partner-onboarder-ida" during onboarding. Does the log indicate an error during certificate upload? Are these certificates the root-cert.pem and ca.crt from the configmap? These two certificates seem to be self-generated and were automatically copied from the default namespace during the IDA module deployment.

Onboarding default partners
KEYCLOAK_CLIENT = mosip-deployment-client
 KEYCLOAK ADMIN USER : admin
URL : https://api-internal.sandbox.miaxis.com and https://api.sandbox.miaxis.com
Uploading ida root cert
newman

onboarding Copy

❏ cert_download
↳ authenticate-as-cert-manager
  POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
     self-signed certificate

┌─────────────────────────┬──────────┬──────────┐
│                         │ executed │   failed │
├─────────────────────────┼──────────┼──────────┤
│              iterations │        1 │        0 │
├─────────────────────────┼──────────┼──────────┤
│                requests │        1 │        1 │
├─────────────────────────┼──────────┼──────────┤
│            test-scripts │        0 │        0 │
├─────────────────────────┼──────────┼──────────┤
│      prerequest-scripts │        2 │        0 │
├─────────────────────────┼──────────┼──────────┤
│              assertions │        0 │        0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.4s                      │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx)              │
└───────────────────────────────────────────────┘

  #  failure  detail                                                
                                                                    
 1.  Error                                                          
              self-signed certificate                               
              at request                                            
              inside "cert_download / authenticate-as-cert-manager" 
Uploading ida cert
newman

onboarding Copy

❏ cert_download
↳ authenticate-as-cert-manager
  POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
     self-signed certificate

┌─────────────────────────┬──────────┬──────────┐
│                         │ executed │   failed │
├─────────────────────────┼──────────┼──────────┤
│              iterations │        1 │        0 │
├─────────────────────────┼──────────┼──────────┤
│                requests │        1 │        1 │
├─────────────────────────┼──────────┼──────────┤
│            test-scripts │        0 │        0 │
├─────────────────────────┼──────────┼──────────┤
│      prerequest-scripts │        2 │        0 │
├─────────────────────────┼──────────┼──────────┤
│              assertions │        0 │        0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.3s                      │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx)              │
└───────────────────────────────────────────────┘

  #  failure  detail                                                
                                                                    
 1.  Error                                                          
              self-signed certificate                               
              at request                                            
              inside "cert_download / authenticate-as-cert-manager" 
Uploading mpartner-default-auth cert
newman

onboarding Copy

❏ cert_download
↳ authenticate-as-cert-manager
  POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
     self-signed certificate

┌─────────────────────────┬──────────┬──────────┐
│                         │ executed │   failed │
├─────────────────────────┼──────────┼──────────┤
│              iterations │        1 │        0 │
├─────────────────────────┼──────────┼──────────┤
│                requests │        1 │        1 │
├─────────────────────────┼──────────┼──────────┤
│            test-scripts │        0 │        0 │
├─────────────────────────┼──────────┼──────────┤
│      prerequest-scripts │        2 │        0 │
├─────────────────────────┼──────────┼──────────┤
│              assertions │        0 │        0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.6s                      │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx)              │
└───────────────────────────────────────────────┘

  #  failure  detail                                                
                                                                    
 1.  Error                                                          
              self-signed certificate                               
              at request                                            
              inside "cert_download / authenticate-as-cert-manager" 
Uploading ida cred cert to keymanager for zero knowledge encryption
newman

onboarding Copy

❏ cert_download
↳ authenticate-as-cert-manager
  POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
     self-signed certificate

┌─────────────────────────┬──────────┬──────────┐
│                         │ executed │   failed │
├─────────────────────────┼──────────┼──────────┤
│              iterations │        1 │        0 │
├─────────────────────────┼──────────┼──────────┤
│                requests │        1 │        1 │
├─────────────────────────┼──────────┼──────────┤
│            test-scripts │        0 │        0 │
├─────────────────────────┼──────────┼──────────┤
│      prerequest-scripts │        2 │        0 │
├─────────────────────────┼──────────┼──────────┤
│              assertions │        0 │        0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.2s                      │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx)              │
└───────────────────────────────────────────────┘

  #  failure  detail                                                
                                                                    
 1.  Error                                                          
              self-signed certificate                               
              at request                                            
              inside "cert_download / authenticate-as-cert-manager" 


=========================== PUSHING REPORTS TO S3 ================================================

S3_HOST: http://minio.minio:9000

S3_REGION: 

S3_USER_KEY: admin

S3_USER_SECRET: XzgR4AXrmp

S3_BUCKET_NAME: 

Added `s3` successfully.
mc: <ERROR> Unable to make bucket, please use `mc mb s3/your-bucket-name`. Bucket name cannot be empty.
`/home/mosip/reports/ida-ca.html` -> `s3/reports/ida-ca.html`
`/home/mosip/reports/ida-cred.html` -> `s3/reports/ida-cred.html`
`/home/mosip/reports/ida-root.html` -> `s3/reports/ida-root.html`
`/home/mosip/reports/ida-partner.html` -> `s3/reports/ida-partner.html`
Total: 0 B, Transferred: 196.74 KiB, Speed: 1.97 MiB/s


Reports pushed to minio
Onboarding completed!
1 Like

Alright, I’ve resolved it myself. I checked the install.sh script and the scripts in mosip-onboarding, and I found that the ENABLE_INSECURE variable wasn’t being passed. After modifying the pod’s YAML file, it worked successfully.

Hi @ryan

As I can see your last message according to that your issue is resolved for partner onboarding and you were able to pass ENABLE_INSECURE variable and modifying the pod’s YAML file, it worked successfully.

Just keep a check is there anything else which we can help you out with.

Best Regards,
Team MOSIP.