Warning required when executing "omnicc -secure_comm -regenerate_cert" on a Cell Server

Idea ID 2748837

Warning required when executing "omnicc -secure_comm -regenerate_cert" on a Cell Server

Brief Description

I'm suggesting to display a warning like this when executing "omnicc -secure_comm -regenerate_cert" on a Cell Server:

-->
Warning: Before you continue, please be aware that the new cell server certificate will need to be redistributed to all clients in the cell by running “omnicc –secure_comm –configure_peer <CS_HOSTNAME>” on each client separately or by running “omnicc -secure_comm -reconfigure_peer_all”. This last option will require an Installation Server on a client other than the Cell Server. Are you sure you want to continue now? Yes/No.
<--


Benefits / Value

This may look rather trivial at first sight, but it's definitely not! It's crucial that whoever is regenerating new certificates on the cell server is realizing that a redistribution to all clients may not be so easy. In smaller cells it is still feasible to just run "omnicc –secure_comm –configure_peer" on each client. However, in bigger cells with hundreds or thousands of clients this is impossible and another method is needed. Fortunately there is a possibility to use “omnicc -secure_comm -reconfigure_peer_all”, but it is important to know that this will require an Installation Server on another client than the Cell Server. That will allow to first reset secure communication between this Installation Server and the Cell Server and after that run the “omnicc -secure_comm -reconfigure_peer_all”.

Design details

No big efforts or code changes are needed here. Only displaying a warning and requesting a confirmation.

5 Comments
Micro Focus Expert
Micro Focus Expert
Status changed to: Waiting for Votes
 
Respected Contributor.
Respected Contributor.

Hi All,

This is an important, I had an issue whereby I executed the command and was too quick in pressing enter, this caused IPC errors to all clients. I had to reissue new certificates between the CM and all Clients.

 

 

Honored Contributor.. Honored Contributor..
Honored Contributor..

Very important topic. My colleagues broke the cell twice. And now we have constant problems with the security mechanism in this cell.

Trusted Contributor.
Trusted Contributor.

Better tools to manage the secure protocol are certainly needed.  Having to 'fix' issues with this protocol locally client by client is unreasonable, especially so for those with large environments.

Honored Contributor.. Honored Contributor..
Honored Contributor..

@RanBax I totally agree. The existing security mechanism is bad. Especially for large thousands clients multicell environment.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.