New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
Absent Member.. Absent Member..
Absent Member..
2890 views

Certificate Issue in OMi 10.01

Jump to solution

Hello,

 

We are having problem to grant certificates on OMi.

 

After deploy an agent version 12.00, We change some agent configuration as below.

 

ovconfchg -ns eaagt -set OPC_NODENAME <SERVER_NAME>

ovconfchg -ns eaagt -set OPC_IP_ADDRESS <SERVER_IP_ADDRESS>

ovconfchg -ns bbc.cb -set SERVER_BIND_ADDR <SERVER_IP_ADDRESS>

ovconfchg -ns bbc.http -set SERVER_BIND_ADDR <SERVER_IP_ADDRESS>

ovconfchg -ns bbc.http -set CLIENT_BIND_ADDR <SERVER_IP_ADDRESS>

 

after this, We send another ovcert -certreq, and on OMi Certificate Request page the certificate appears, but after Accept, the status stay in "Granted" and never changes.

 

We tested route, icmp, name resolution and agent configuration, but any server that I try to certificate this happens.

 

Have Anyone already seen that?

 

I tried unninstall and install again, deleted the node first on OMi, but still happening the same.

 

 

Labels (1)
Tags (2)
0 Likes
14 Replies
Highlighted
Absent Member.. Absent Member..
Absent Member..

Hello Norbert,

 

I Understood what you said, This is information was from our HP architect that is working in this project.

I will ask for the part of documentation that is saying this.

 

But even I need use GW as certificate server, I got the same problem to granbt the certificate, I think we have a communication problem.

 

Before start this topic, I was using the gateway server as certificate server, so it's not the root cause.

 

Do you have some tests to I perform here?

0 Likes
Highlighted
Absent Member.
Absent Member.

Yes, please check the private message.

Because the results you get from the commands will be too long to post here

Highlighted
Absent Member.. Absent Member..
Absent Member..

We called the HP support that analyzed and suggested to reinstall all the environment because some problem found probably in the future could impact in other problems.


But after reinstall we faced other certificate problems, so them after many tests I could understand how exactly works in OMi 10 in a distributed environment with multihomed ip address devices.


When you install without configure any custom settings, the agent send the certificate to Gateway using the main interface.


when you grant in console, isn't the gateway that send the certificate back, the DPS that send the certificate back, so your agent needs to communicate with you DPS too.


Our environment doesn't use the main interface (production) to monitor the devices, so we need to set some configurations in the agent to all communication use the administration interface (secondary interface).


After the installation We configured the parameters below and resent the ovcert command.

ovconfchg -ns eaagt -set OPC_IP_ADDRESS <AGENT_IP_ADDRESS>

ovconfchg -ns bbc.cb -set SERVER_BIND_ADDR <AGENT_IP_ADDRESS>

View solution in original post

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.