
(OMW) Support Tip: How to create fresh certificates for OMW server?

If you need to remove all the certificates from the OM server, or they are corrupted, you can use the steps below to create them afresh:

 

Prerequisites:

Make sure no certificate is installed (remove all certificates, if any) and that the OVRG setting below is present in ovconfig:

[sec.cm.server] OVRG=server

 
1. Run the command below to create a new CA certificate:
ovcm -newcacert

 

2. Run the command below to export the trusted certificate on the server side:
ovcert -exporttrusted -file c:\trusted.cert -ovrg server

 

3. Import the certificate on the agent side:
ovcert -importtrusted -file c:\trusted.cert

 

4. Check the coreid of the management server:
ovcoreid

 

5. Run the command below to issue a certificate:
ovcm -issue -file C:\mgmt_server_agent.cert -name <mgmt_srv_fqdn> -pass 1234 -coreid <OM coreid>
 
6. Import the certificate:
ovcert -importcert -file C:\mgmt_server_agent.cert -pass 1234
 
7. Import the same certificate for the server ovrg:
ovcert -importcert -file C:\mgmt_server_agent.cert -pass 1234 -ovrg server

 

8. Restart all the server processes (or reboot the machine).


Node related certificate location:

%OvDataDir%\datafiles\sec\ks

 

ovrg server related certificate location:

%OvDataDir%\shared\server\datafiles\sec\ks


Notes:

 a) If step 7 gives an error like the one below:
 -----------------
 C:\>ovcert -importcert -file c:\Cert.txt -pass 1234 -ovrg server
 ERROR:   (sec.core-31) A certificate with alias
          '500d65d2-0af3-753e-1b31-ae442b56cd9b' is already installed.
 -----------------

 

   Then go to %OvDataDir%\shared\server\datafiles\sec\ks and delete the .dat and .PM files of the normal certificate [not the CA certificate] from that directory. Then run the two commands below:


       C:\>ovcert -exportcert -file c:\Cert1.txt -pass 1234
       C:\>ovcert -importcert -file c:\Cert1.txt -pass 1234 -ovrg server

 

 b) If policies deployed from the OMW server give an error like "Cannot load policy. Reason: (conf-33) Could not validate the signature for policy data file", delete the policy cache data on the management server in "%OvShareDir%\Policies" [delete all files/folders from this directory] and then issue a policy reinstall on that node from the OMW console (or run ovpolicy -remove -all first).

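Steps 4 to 7 as one PowerShell script, with a random one-time passphrase in place of the fixed 1234 and the exported file removed after the import. This is an added example, not part of the original post; it assumes ovcoreid, ovcm and ovcert are on PATH and return a non-zero exit code on failure, and the file path and the Invoke-Ov helper are hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the management server.
# Assumption: ovcoreid, ovcm and ovcert are on PATH and exit non-zero on failure.
$fqdn     = '<mgmt_srv_fqdn>'                             # placeholder from step 5
$certFile = Join-Path $env:TEMP 'mgmt_server_agent.cert'  # hypothetical path

function Invoke-Ov {
    # Hypothetical helper: run an OV command line tool and stop on a non-zero exit code.
    param([string]$Exe, [string[]]$Arguments = @())
    $out = & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments[0]) failed (exit $LASTEXITCODE): $out"
    }
    $out
}

# Step 4: read the core ID and check its shape before handing it to ovcm.
$coreId = "$(Invoke-Ov ovcoreid)".Trim()
if ($coreId -notmatch '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$') {
    throw "Unexpected ovcoreid output: '$coreId'"
}

# One-time random passphrase (hex) instead of a fixed value.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$pass = -join ($bytes | ForEach-Object { $_.ToString('x2') })

try {
    # Step 5: issue the certificate; the output file also carries the private key.
    Invoke-Ov ovcm @('-issue', '-file', $certFile, '-name', $fqdn, '-pass', $pass, '-coreid', $coreId)
    # Steps 6 and 7: import for the node and for the server resource group.
    Invoke-Ov ovcert @('-importcert', '-file', $certFile, '-pass', $pass)
    Invoke-Ov ovcert @('-importcert', '-file', $certFile, '-pass', $pass, '-ovrg', 'server')
}
finally {
    # Do not leave the exported key material on disk after the import.
    if (Test-Path $certFile) { Remove-Item $certFile -Force }
}

# Confirm that both keystores now list the certificate.
Invoke-Ov ovcert @('-list')
Invoke-Ov ovcert @('-list', '-ovrg', 'server')
```

Step 8 (restart of the server processes) still follows once both imports succeed.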