Password Incorrect When Updating Certificate For Looker Insights 21.10

Issue MAC VERIFY ERROR invalid password.

In Modifying Insights Configurations , step 5 to import the Certificate into Looker, does not work.

From the install-certificate.log the below error is thrown:

1bash-4.4# cat /app/.deploy/install-certificate.log

2+ PFX_FILE=/app/.deploy/cert.pfx

3+ [[ ! -f /app/.deploy/cert.pfx ]]

4+ [[ -n firstInstall ]]

5+ [[ firstInstall == \u\p\d\a\t\e ]]

6+ mkdir -p /app/workdir/.ssl

7+ cd /app/workdir/.ssl

8+ [[ -z AuPIZJwenh4SMCg0WqDo ]]

9+ echo AuPIZJwenh4SMCg0WqDo

10+ echo 'Import the Certificate to looker...'

11Import the Certificate to looker...

12+ cp /app/.deploy/cert.pfx /app/workdir/.ssl

13+ openssl pkcs12 -in cert.pfx -passin pass: -out cert.pem -nokeys

14Mac verify error: invalid password?

The PFX that is input is supposed to be passwordless (based on the current implementation). If cert.pfx with no password is generated and running step 5 in the update cert command, it will work.

It is difficult to generate a certificate without a password as it needs special commands. However, download the 22.4 Looker PreInstallation Tool.exe tool and it will actually generate that file.

Work Around:

Generate the correct certificate using the 22.4 lookerPreInstallationTool, but it would be confusing as a standard way of updating the certificate.

For the workaround:

  1. Download the preinstallation tool:
  2. Follow the prompts
    1. For the Linux VM specify the Insights hostname (in this case the Windows machine)
    2. For the certificate specify the correct certificate
    3. SMTP - NO
    4. Windows Auth - NO
    5. Dashboard migration - No
    6. Specify a convinient place for the zip file that is generated
  3. Open the zip file and find the cert.pfx. Copy it to the _insights directory
  4. Now run the original update command:

$HostName = "localhost" # Your hostname
$LookerPassword = "xxxx" # Decrypted lookerpassword from LookerSecret file
$CertificatePassword = "xxxx" # Decrypted CertificatePassword from LookerSecret file

docker exec -e HOSTNAME=$HostName -e LookerPassword=$LookerPassword -e CertPass=$CertificatePassword -e ConfigMode=update looker-container bash /app/looker-init-job/scripts/