OpenDaylight JIRA https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 [NETCONF-598] Keys and certificates used for Netconf over TLS not found after restart, Fluorine SR1 https://jira.opendaylight.org/browse/NETCONF-598 netconf <p>Keys and certificates used for Netconf over TLS are configured using the RPCs in the opendaylight:netconf-keystore Yang model. After a restart of ODL, the netconf connector is unable to find keys and certificates that were configured before the restart. It throws an exception saying for example "Unable to find private key".</p> <p>The keys and certificates can be read out over the restconf interface also after a restart, so they seem to be persistently stored. But internally, the netconf connector seem unaware of them, or unable to find them after the restart.</p> NETCONF-598 Keys and certificates used for Netconf over TLS not found after restart, Fluorine SR1 Bug Medium Resolved Done Jakub Morvay Martin Sandberg Mon, 14 Jan 2019 12:16:31 +0000 Thu, 17 Jan 2019 15:56:21 +0000 Thu, 17 Jan 2019 15:56:21 +0000 Fluorine Neon Fluorine SR1 Neon Fluorine SR2 netconf 0 2 <p>Hi <a href="https://jira.opendaylight.org/secure/ViewProfile.jspa?name=Martin_S" class="user-hover" rel="Martin_S">Martin_S</a>, is it possible for you to provide me with the RPCs you use to configure keys and certificates? </p> <p>Also karaf log with the exception would be useful.</p> <p>karaf log and restconf calls attached.</p> <p>Immediatly after restart, ODL enters a fast loop, where it keeps retrying to setup the netconf connection but fails when it can't find it's own private key it seems. This cyclic behavior is also reported in <a href="https://jira.opendaylight.org/browse/NETCONF-597" title="Improve robustness of Netconf over TLS setup procedure, Fluorine SR1" class="issue-link" data-issue-key="NETCONF-597">NETCONF-597</a>. </p> <p>I realize I didn't say so explicitly, but this test uses the ordinary non-clustered toplogy. The scenario is to configure the keys and certificates with the attached restconf calls, then successfully setup a netconf/tls connection to the device. After that, close down ODL and restart it. During restart, ODL reads the persistently stored connection configuration of the device and enters the unsuccessful cyclic setup attempt behavoir.</p> Development Rank 0|i03m3b: