Issue


When logging in to OnApp via the admin account protected with Yubikey, the following message appears:
"Service is temporarily unavailable and Invalid Yubikey."


Resolution


To resolve the issue, you need to update the certificate chain. 

For OnApp 5.0 =< OnApp < 5.5

  1. Download the chain.pem file to the CP.
  2. Change the owner of the patched .pem file:

    # chown root:root #pem_file_location#
    CODE
  3. Locate and backup the current chain.pem file (OnApp 5.0 version example):

    # find /usr/lib*/ruby -name \*chain.pem
    /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem
    # cp -av /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem.bak 
    CODE
  4. Put into place a new chain.pem file:

    # cp -av #pem_file_location# /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem
    CODE
  5. Restart the OnApp Control Panel services: onapp, httpd.


For OnApp 5.5 =< versions < 6.1

  1. Run the following command:

    # yum update rubygem-yubikey
    CODE
  2. Restart the OnApp Control Panel services: onapp, httpd.


For OnApp versions 6.1

  1.  Run the following command:

    # yum update rubygem-onapp-core
    CODE
  2. Restart the OnApp Control Panel services: onapp, httpd.


For OnApp versions 6.2 (including 6.2 Patch 1)

  1. Download the chain.pem to the CP.
  2. Change the owner of the patched .pem file:

    # chown root:root #pem_file_location#
    CODE
  3. Locate and backup the current chain.pem file (OnApp 5.0 version example):

    # find /usr/lib*/ruby -name \*chain.pem
    /usr/lib64/ruby/gems/2.5.0/gems/yubikey-1.4.1/lib/cert/chain.pem
    /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem
    # cp -av /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem.bak
    CODE
  4. Put into place a new chain.pem file:

    # cp -av #pem_file_location# /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem
    CODE
  5. Restart the OnApp Control Panel services: onapp, httpd.


Cause


Expired certificate inside the Yubikey gem.