(sec.core-116) An SSL connection IO error has occurred.

Hi, I get the following error and don't know what is going wrong. I checked the certificates and for me everithing seems to be right.

Note: MgmtSrv and Node are the same system (Solaris 10). Agent 08.17.000, OVOU 8.29

s35:# opcragt -status s35
Node s35:

Cannot get status information from node s35. (OpC40-428)
Network communication problems occurred. (OpC40-427)

-------------------------------------------------------------------------------
CTRL - CommunicationException:
-------------------------------------------------------------------------------
(ctrl-21) Communication error when executing 'Status' method.
(sec.core-116) An SSL connection IO error has occurred. This may be due to a network problem or an SSL handshake error. Possible causes for SSL handshake errors are that no certificate is installed, an invalid certificate is installed, or the peer does not trust the initiator's certificate. (OpC40-2130)
Probably the certificates don't fit together or a certificate is
missing. Check whether the OVO server certificate is trusted on the node
and vice versa as follows. On the OVO server call:
"/opt/OV/bin/ovcert -certinfo `/opt/OV/bin/ovcoreid -ovrg server`"
Check whether the ID mentioned in the line beginning with "Issuer CN:"
appears in the output of command "ovcert -list" called on the node in the
trusted certificates section.
On the node call "ovcert -certinfo `ovcoreid`". Check whether the ID
mentioned in the line beginning with "Issuer CN:" appears in the output
of command "ovcert -list" called on the OVO server. The ID must be listed
in the trusted certificates for the "Keystore Content (OVRG: server)" section. (OpC40-2174)
Failed.


s35:# /opt/OV/bin/ovcert -certinfo
ERROR: (sec.cm.client-99) Parameter is missing.
s35:# /opt/OV/bin/ovcert -certinfo `/opt/OV/bin/ovcoreid -ovrg server`

Type : X509Certificate
Subject CN : c5891e28-2001-750c-1a2f-b9efb7629ffd
Subject DN : L: s35.nicelab.de
O: Hewlett-Packard
OU: OpenView
CN: c5891e28-2001-750c-1a2f-b9efb7629ffd
Issuer CN : CA_4d53ad4a-93ec-752c-198a-c828aee1020d
Issuer DN : L: s35
O: Hewlett-Packard
OU: OpenView
CN: CA_4d53ad4a-93ec-752c-198a-c828aee1020d
Serial no. : 03
Valid from : 04/07/08 16:31:24 GMT
Valid to : 04/03/28 16:31:24 GMT
Hash (SHA1): D3:AE:DE:8A:A7:3D:55:0E:D4:B3:E0:4B:68:CB:17:8D:10:C0:5F:B5

s35:# ovcert -list
---------------------------------------------------------
| Keystore Content |
---------------------------------------------------------
| Certificates: |
| 4d53ad4a-93ec-752c-198a-c828aee1020d (*) |
| c5891e28-2001-750c-1a2f-b9efb7629ffd (*) |
---------------------------------------------------------
| Trusted Certificates: |
| CA_4d53ad4a-93ec-752c-198a-c828aee1020d |
---------------------------------------------------------

---------------------------------------------------------
| Keystore Content (OVRG: server) |
---------------------------------------------------------
| Certificates: |
| 4d53ad4a-93ec-752c-198a-c828aee1020d (*) |
---------------------------------------------------------
| Trusted Certificates: |
| CA_4d53ad4a-93ec-752c-198a-c828aee1020d (*) |
---------------------------------------------------------
Parents
  • Following are the steps which have helped me most of situation where i was not able to find a logical answer. Please make sure your mgmt server is reachable via "bbcutil -ping"

    1. Forcefully create new coreid
    ovcoreid -create -force

    2. Issue a new certificate on mgmt server
    ovcm -issue -file -pass -name -coreid

    3. Copy the cert file to agent and import the certificate
    ovcert -importcert -file -pass

    4. Check the status

    Hope this helps you as well

    Pradeep
Reply
  • Following are the steps which have helped me most of situation where i was not able to find a logical answer. Please make sure your mgmt server is reachable via "bbcutil -ping"

    1. Forcefully create new coreid
    ovcoreid -create -force

    2. Issue a new certificate on mgmt server
    ovcm -issue -file -pass -name -coreid

    3. Copy the cert file to agent and import the certificate
    ovcert -importcert -file -pass

    4. Check the status

    Hope this helps you as well

    Pradeep
Children