tbreeden Absent Member.
Absent Member.
2551 views

External Certificate Problems on Second Primary Server

On attempting to install a second primary ZCM server, 10.3, on SLES 11, all seems to go well until I enter the new server's certificate, which was issued by the same CA as the first one:

"The issuer of the SSL Certificate used in authentication to the first primary
serve/r does not match the issuer of the specified server certificate."

which shows in the install log file like this:

"com.novell.zenworks.install.customcode.configure.ConfigSSLAction FatalInstallException: The issuer of the
specified signed server certificate doesn't match the CA certificate subject."

(I've found a couple of similar posts two and three years ago, but no solution posted).

At the start of the install, the first primary server's certificate is obtained from it and I am asked if I trust it. The info shown then looks correct and I say "Y". The "issuer" information on that accepted certificate seems to be identical to that on the second primary server's certificate.

Both certificates are good through 2011. The Issuer certificate is good until 2020.

So, any idea about what is going on?


TID 7002165 "ZCM installation ERROR: SSL Certificate used in authentication does not match certificates provided" seems to be similar, though the error wording is not the same, and it is said to be fixed in 10.2.
Has anyone used the workaround discussed there anyway? (I've spend so much time trail-and-erroring on this install I'd really appreciate any suggestions).

Thanks,

Tom
Labels (2)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: External Certificate Problems on Second Primary Server

tbreeden,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

0 Likes
tbreeden Absent Member.
Absent Member.

Re: External Certificate Problems ... - Resolution

In case anyone else experiences this, it was apparently due to the fact that our University issues server certificates signed by an intermediate certificate, that even if trusted, was rejected by the shell installation on SLES 11 SP1.

Development thought that problem had been fixed with 10.3.1, but evidently not completely. After attempting and failing multiple times via running "setup.sh -e" (ie, stay in the shell with the install) I tried it without the "-e", which goes into a GUI based installation. Much to my surprise the installation went smoothly then.

As I was in the middle of an SR on this, the developer is now aware of the problem.

Tom



tbreeden;2054921 wrote:
On attempting to install a second primary ZCM server, 10.3, on SLES 11, all seems to go well until I enter the new server's certificate, which was issued by the same CA as the first one:

"The issuer of the SSL Certificate used in authentication to the first primary
serve/r does not match the issuer of the specified server certificate."

which shows in the install log file like this:

"com.novell.zenworks.install.customcode.configure.ConfigSSLAction FatalInstallException: The issuer of the
specified signed server certificate doesn't match the CA certificate subject."

(I've found a couple of similar posts two and three years ago, but no solution posted).

At the start of the install, the first primary server's certificate is obtained from it and I am asked if I trust it. The info shown then looks correct and I say "Y". The "issuer" information on that accepted certificate seems to be identical to that on the second primary server's certificate.

Both certificates are good through 2011. The Issuer certificate is good until 2020.

So, any idea about what is going on?


TID 7002165 "ZCM installation ERROR: SSL Certificate used in authentication does not match certificates provided" seems to be similar, though the error wording is not the same, and it is said to be fixed in 10.2.
Has anyone used the workaround discussed there anyway? (I've spend so much time trail-and-erroring on this install I'd really appreciate any suggestions).

Thanks,

Tom
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.