(OMi) Support Tip: Certificate grant in an environment with firewalls/RCP
In a distributed OMi environment, the managed node in generates the cert request and sends it to the configured GW message receiver. The GW passes it to the primary DPS where the cert server is running. Once the cert is granted (either manual or automatic), it is the DPS which then sends the granted certificate directly to the requesting managed node. This raises issues in an environment with firewalls/RCP, Therefore the certificate must be deployed to managed node in DMZ manually.
On the DPS:
ovcm -issue -name <FQDN> -file <file_name> -coreid <ovcoreid> -pass <password>
This will create the certificate in <file_name>. <file_name> then must be transferred to the DMZ managed node.
Once certificate file is on the DMZ managed node, the certificate must be imported with:
ovcert -importcert -file <file_name> -pass <password>
The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of Micro Focus.
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution.
In our environment we see certificate request comes to OMI server, but when we grant the certificate it is failing to grant the certificate.
We had verified all FW ports and all are open.
Is there any log file in OMI server side which we can look at to find what issue is.