(DP) Support Tip: omnigencert.pl does not generate all certificate files if machine is not in DNS

When the cell server is not registered in DNS, the standard form of omnigencert.pl may fail to create all needed cell server server and client certificate files:

perl omnigencert.pl -server_id <servername> -user_id hpdp -store_password <password>

If files like ca.truststore, server.truststore are missing in the certificates directory, it may help to use an extended form of the command:

perl omnigencert.pl -server_id <servername> -server_san dns:<servername> -user_id hpdp -store_password <password>

PS: make sure you use the correct store password, as defined in AppServer config files.
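
A post-run check for the situation the tip above describes, as an added example that is not part of the original post and not vendor code: it reports whether the server name has a DNS record, lists which of the two truststore files named in the tip are absent from a certificates directory, and prints the extended command form when any are missing. The script name, function names and the directory argument are assumptions; pass your installation's certificates directory.

```shell
#!/bin/sh
# Added example, not vendor code. Post-run check for omnigencert.pl output.
# Usage: sh check_dp_certs.sh <servername> <certificates-directory>
# The script name, function names and directory argument are assumptions.

# Only the two file names the tip mentions; extend for your installation.
EXPECTED_FILES="ca.truststore server.truststore"

# Print every expected file that is missing or empty in directory $1.
missing_cert_files() {
    for f in $EXPECTED_FILES; do
        [ -s "$1/$f" ] || printf '%s\n' "$f"
    done
}

# 0 = name has a DNS record, 1 = no record or lookup failed,
# 2 = cannot tell (no `host` utility). `host` queries DNS directly,
# so an /etc/hosts entry does not count as "registered in DNS".
name_in_dns() {
    command -v host >/dev/null 2>&1 || return 2
    host -W 2 "$1" >/dev/null 2>&1
}

# Print the extended command form from the tip when files are missing;
# print nothing and return 1 when the directory is complete.
suggest_command() {
    [ -n "$(missing_cert_files "$2")" ] || return 1
    printf 'perl omnigencert.pl -server_id %s -server_san dns:%s -user_id hpdp -store_password <password>\n' "$1" "$1"
}

report() {
    server=$1 dir=$2
    rc=0; name_in_dns "$server" || rc=$?
    case $rc in
        0) echo "DNS: $server resolves" ;;
        1) echo "DNS: $server has no record or the lookup failed" ;;
        *) echo "DNS: could not check (host utility not found)" ;;
    esac
    missing=$(missing_cert_files "$dir")
    if [ -z "$missing" ]; then
        echo "All expected truststore files are present in $dir"
        return 0
    fi
    echo "Missing in $dir:" $missing
    echo "Try: $(suggest_command "$server" "$dir")"
    return 1
}

# Run only when both arguments are given, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then report "$1" "$2"; fi
```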

 

  • If the GUI is prompting you for a username/password when you connect, it is not an SSL issue.  The problem is that nothing in user_list matches your AD credentials where you are running the GUI from.

    If you did generate a new SSL cert, be sure to stop and restart DP services on the cell manager.  Otherwise the app server will not have the current cert loaded.

     

  • What does AD have to do with it?  And since it is the GUI for my current DP setup I assume that the user should be the same for both environments.  I have stopped and restarted DP more times than I care to admit.  Every time I try a new certificate combo I stop and restart....

    tried:
    perl -CA /opt/omni/sbin/omnigencert.pl -server_id s928-busapdp1.ssmhc.com -user_id hpdp -store_password ********
    result:
    asked for username/password

    tried:
    /opt/omni/bin/perl /opt/omni/sbin/omnigencert.pl -server_id s928-busapdp1.ssmhc.com -user_id hpdp -store_password ******** -cert_expire 3065
    result:
    asked for username/password

    tried:
    /opt/omni/bin/perl /opt/omni/sbin/omnigencert.pl -server_id s928-busapdp1.ssmhc.com -user_id hpdp -store_password ******** -cert_expire 3065 -recreate
    result:
    asked for username/password

    I am baffled by what user it is trying to connect as and why it even is asking.

  • You gave me an idea.  I copied the UserList from the working DP9 system to the new one.  I can connect...almost.  New error now so new question to post.

  • You are running the GUI from a Windows machine, yes?  Are you logged in to that Windows machine with a local machine account or a domain login?  The latter is what I'm referring to as an AD account.  So what credentials did you use to log in to your Windows machine?

    Check your DP userlist file.  Do you see a DP user with those AD credentials listed?  If not, please add an entry for such.

    If you have further issues, please open a support case with the Response Center.  Thanks.