Valued Contributor.. Deano_03 Valued Contributor..
Valued Contributor..
80 views

CA Signed Cert when upgrading from 10.40 > 10.50

Good afternoon,

I have a LAB NNMi instance which is =

LAB_NNM01 = site 1
LAB2_NNM01 = site 2

I am in the process of upgrading our Windows HP NNMi 10.40 (Patch 1 installed) to HP NNMi 10.50. Upon following the upgrade guide our NNMi which is in Application Failover mode (Site 1 and Site 2) comes back up fine when each is in standalone mode but when joining them back to the Cluster the secondary fails to come back up.

It seems the CA Signed certificates are the issue and in the nnmcluster-daemon.log i see the following error :-

May 16, 2019 1:19:29.409 PM [ThreadID:21] INFO: com.hp.ov.nms.admin.nnmcluster.events.FileTransferFailedEvent : Received notification of failed transfer from LAB_NNM01-34780 for 63c5e7ca-6a6d-4b53-b7a0-b53662da49eb
May 16, 2019 1:19:29.489 PM [ThreadID:38] SEVERE: com.hp.ov.nms.admin.nnmcluster.ClusterFileSocket : Unable to receive on socket due to exception. : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)
at java.io.FilterInputStream.read(FilterInputStream.java:83)
at com.hp.ov.nms.admin.nnmcluster.jgroups.Util.readByteBuffer(Util.java:28)
at com.hp.ov.nms.admin.nnmcluster.ClusterFileSocket.run(ClusterFileSocket.java:92)

When i moved from version 10.20 to 10.40 before some months ago, this worked perfectly with CA signed certificates. Any ideas?

If i use the nnmkeytool to examine the nnm-trust.p12 on each, the files match EXACTLY, as do the MD5 and SHA values.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.