HP Diagnostics Certification

Hi all;

 

i have a problem with HP diagnostics certification. Diag version is 9.24 windows. When i try to register diag server from bsm/admin, it occurs certification problem. i attached a screenshot here.

 

than i searched this problem and according hp forums i run some command on diagnostics. here are outputs. diag has not certificate. but consider that there is no firewall between bsm server and diag server. please check my commands output. do you need further informations?

 

i run these commands on diag server

 

C:\Users\BSB02765>ovc -status


coda          OV Performance Core                  COREXT       (3280)   Running
opcacta       OVO Action Agent                      AGENT,EA     (1116)   Running
opcle         OVO Logfile Encapsulator          AGENT,EA     (5532)   Running
opcmona       OVO Monitor Agent                 AGENT,EA     (2700)   Running
opcmsga       OVO Message Agent                 AGENT,EA     (5968)   Running
opcmsgi       OVO Message Interceptor           AGENT,EA     (5288)   Running
opctrapi      OVO SNMP Trap Interceptor         AGENT,EA     (5932)   Running
ovbbccb       OV Communication Broker           CORE         (484)    Running
ovcd          OV Control                        CORE         (1336)   Running
ovconfd       OV Config and Deploy              COREXT       (4016)   Running

 

C:\Users\BSB02765>ovcert -check

 

OvCoreId set                       : OK
Private key installed              : FAILED
Certificate installed              : FAILED
Certificate valid                  : FAILED
Trusted certificates installed     : FAILED
Trusted certificates valid         : FAILED

Check failed.

 

C:\Users\BSB02765>ovcert -list


---------------------------------------------------------
| Keystore Content                                        |
---------------------------------------------------------
| Certificates:                                           |
---------------------------------------------------------
| Trusted Certificates:                                   |
---------------------------------------------------------

 

\Users\ovuser>ovcm -listpending


ROR:   (sec.cm.client-55) Call to server failed.
        (sec.core-113) SSL certificate verification error (The presented peer certificate is not trusted. The certificate verification chain could not be built.).

 

regards.

Parents
  • Try to recreate the OA cert:

     

    1. ovc -kill
    2. ovc -start CORE
    3. ovcert -list Check the cert appear
    4. Grant cert request from BSM
    5. ovcert -list Check cert exchange
  • hi kenneth;

     

    from diag :

     

    >ovcert -status
    Status: Certificate request is pending.

     

    from BSM i try to grand cert  but:

     

    ovcm -grant -host diagsrver
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    and i see that 443 port is inactive from bsm to diag?? but i network admin said allowed all ports between bsm and diag

     

    telnet hpdiagsrv 443
    Connecting To hpdiagsrv...Could not open connection to the host, on port 443: Co
    nnect failed

     

    is 443 port must or not?

  • Try to grant this way:

     

    ovcm -listpending -l
    ovcm -grant <request ID>
    • At the Diag server confirm that the certificates have been granted
      ovcert -list
    • Update the trusted certificates
      ovcert -updatetrusted
  • Try to grant this way:

     

    ovcm -listpending -l
    ovcm -grant <request ID>
    • At the Diag server confirm that the certificates have been granted
      ovcert -list
    • Update the trusted certificates
      ovcert -updatetrusted
  • Try to grant this way:

     

    ovcm -listpending -l
    ovcm -grant <request ID>
    • At the Diag server confirm that the certificates have been granted
      ovcert -list
    • Update the trusted certificates
      ovcert -updatetrusted
  • hi all;

     

    thanks your effort but i do not understand what is my real problem.

     

    as you say i run commands but here are outputs

     

    from BSM

     

    ovcm -listpending -l
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    >ovcm -grant -host hpdiagsrv
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    than i try to export manually

     

    >ovcm -exportcacert -file c:\cacert\bsm.cer
           * Enter password: *****
           * Retype password: *****
    INFO:    CA certificate was successfully exported to file 'c:\cacert\bsm.cer'.

     

    than import this bsm.cer to diagnostics server but nothing has changed:

     

    from diag server:

     

    >ovcert -status
    Status: Certificate request is pending.

     

    than i run this command on diag server >ovcert -trust hpbsm01.abank.com.tr

     

    and result is :

     

    C:\Users\BSB02765>ovcert -list
    ---------------------------------------------------------
    | Keystore Content                                        |
    ---------------------------------------------------------
    | Certificates:                                           |
    ---------------------------------------------------------
    | Trusted Certificates:                                   |
    |     CA_3c8647b2-d3a8-7557-065d-b30f0a7271f9             |
    ---------------------------------------------------------

     

    but after all, from bsm platform certificate requests are empty?

     

    what can be the next step?

     

    regards.

     

     

  • hi all;

     

    thanks your effort but i do not understand what is my real problem.

     

    as you say i run commands but here are outputs

     

    from BSM

     

    ovcm -listpending -l
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    >ovcm -grant -host hpdiagsrv
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    than i try to export manually

     

    >ovcm -exportcacert -file c:\cacert\bsm.cer
           * Enter password: *****
           * Retype password: *****
    INFO:    CA certificate was successfully exported to file 'c:\cacert\bsm.cer'.

     

    than import this bsm.cer to diagnostics server but nothing has changed:

     

    from diag server:

     

    >ovcert -status
    Status: Certificate request is pending.

     

    than i run this command on diag server >ovcert -trust hpbsm01.abank.com.tr

     

    and result is :

     

    C:\Users\BSB02765>ovcert -list
    ---------------------------------------------------------
    | Keystore Content                                        |
    ---------------------------------------------------------
    | Certificates:                                           |
    ---------------------------------------------------------
    | Trusted Certificates:                                   |
    |     CA_3c8647b2-d3a8-7557-065d-b30f0a7271f9             |
    ---------------------------------------------------------

     

    but after all, from bsm platform certificate requests are empty?

     

    what can be the next step?

     

    regards.

     

     

  • hi all;

     

    thanks your effort but i do not understand what is my real problem.

     

    as you say i run commands but here are outputs

     

    from BSM

     

    ovcm -listpending -l
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    >ovcm -grant -host hpdiagsrv
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    than i try to export manually

     

    >ovcm -exportcacert -file c:\cacert\bsm.cer
           * Enter password: *****
           * Retype password: *****
    INFO:    CA certificate was successfully exported to file 'c:\cacert\bsm.cer'.

     

    than import this bsm.cer to diagnostics server but nothing has changed:

     

    from diag server:

     

    >ovcert -status
    Status: Certificate request is pending.

     

    than i run this command on diag server >ovcert -trust hpbsm01.abank.com.tr

     

    and result is :

     

    C:\Users\BSB02765>ovcert -list
    ---------------------------------------------------------
    | Keystore Content                                        |
    ---------------------------------------------------------
    | Certificates:                                           |
    ---------------------------------------------------------
    | Trusted Certificates:                                   |
    |     CA_3c8647b2-d3a8-7557-065d-b30f0a7271f9             |
    ---------------------------------------------------------

     

    but after all, from bsm platform certificate requests are empty?

     

    what can be the next step?

     

    regards.

     

     

Reply
  • hi all;

     

    thanks your effort but i do not understand what is my real problem.

     

    as you say i run commands but here are outputs

     

    from BSM

     

    ovcm -listpending -l
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    >ovcm -grant -host hpdiagsrv
    ERROR:   (sec.cm.client-55) Call to server failed.
              (sec.core-113) SSL certificate verification error (The presented
             peer certificate is not trusted. The certificate verification chain
             could not be built.).

     

    than i try to export manually

     

    >ovcm -exportcacert -file c:\cacert\bsm.cer
           * Enter password: *****
           * Retype password: *****
    INFO:    CA certificate was successfully exported to file 'c:\cacert\bsm.cer'.

     

    than import this bsm.cer to diagnostics server but nothing has changed:

     

    from diag server:

     

    >ovcert -status
    Status: Certificate request is pending.

     

    than i run this command on diag server >ovcert -trust hpbsm01.abank.com.tr

     

    and result is :

     

    C:\Users\BSB02765>ovcert -list
    ---------------------------------------------------------
    | Keystore Content                                        |
    ---------------------------------------------------------
    | Certificates:                                           |
    ---------------------------------------------------------
    | Trusted Certificates:                                   |
    |     CA_3c8647b2-d3a8-7557-065d-b30f0a7271f9             |
    ---------------------------------------------------------

     

    but after all, from bsm platform certificate requests are empty?

     

    what can be the next step?

     

    regards.

     

     

Children