Arunhclite Super Contributor.
Super Contributor.
556 views

Certificate not showing in OMi console

Jump to solution

Hi All,

Installed agent in a linux server and ran the opcactivate utility to set the manager and certificate server. It ran successfully, but certificate request didnt show up in OMi console.

Triggered it manually via cmdline, ovcert -certreq, still it didnt show up.

when checked the pending certificate list in management server, it didnt show up there as well.

PING and Telnet to port 383 is fine bi directionally.

But one thing noticed is bbcutil -ping is throwing SSL error and didnt show the core id of the node when ran from OMi GW server.

Kindly help on this.

0 Likes
1 Solution

Accepted Solutions
Arunhclite Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi All,

 

Thanks much for your help.

 

The issue has been resolved. There was a mismatch in the host file entry on the managed nodes. Once it has been corrected, certificate reached the Management server.

 

Thanks again for your help.

 

Thanks,
Arunkumar.K 

0 Likes
15 Replies
Outstanding Contributor.. Gediminas Daniu Outstanding Contributor..
Outstanding Contributor..

Re: Certificate not showing in OMi console

Jump to solution

Hi,

SSL error is expected, because certifict is not granted and no SSL communicaiton possible.

Is communication from node to DP server woerking. Cetifites are prcessed by DP. Try from manegd node

bbcutil -ping http://<dp server>:383
and from DP to managed node
bbcutil -ping http://<managed node>:383

my 2 cents,
Gedas

0 Likes
Arunhclite Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi Gediminas,

 

Thanks for the quick response.

Checked the commands,it is workig fine from both the ends. Returned results successfully from  node and DP server.

But still certificate is not showing up.

Ours is a standalone environment.

 

Thanks,
Arunkumar.K

0 Likes
gun339 Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi,

Go and check the opeartion agent configuration file properties on the server from where you have triggered the certifcate request.

Verify the primary manager name and the core id with management server.Also verify the license manager of the node.

If values are not correct then please change and regenerate the cert req from node and then grant the cert from cosole or command line.

Regards

Gun

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Certificate not showing in OMi console

Jump to solution

Hi,

You specified the GW as manager and cert server, right? You checked the pending certificates on the DPS right?

If the configuration is ok, try to restart the WDE on the GW and trigger a cert request again. Are there more than one DPS?

Regards,

Rosen

Micro Focus Software Support
The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of Micro Focus.
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution.
0 Likes
Acclaimed Contributor.. KAKA_2 Acclaimed Contributor..
Acclaimed Contributor..

Re: Certificate not showing in OMi console

Jump to solution

I have seen an issue twice where certificate were received successfully but now shown in GUI. Do you see certificate request when running "ovcm -listpending -l" ? -KAKA-

0 Likes
Arunhclite Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi  Kaka,

yeah checked in the command line, but the certificate is not showing there as well.

 

@gun339  Ours is a standalone environment, both GW and DPS in a single server. Yeah checked the ovconfget in the node, it is showing manager and certificate servers as the OMi management server.

 

@Rosen_K  The certificates are coming from other servers, only from these 2 servers it is not coming.

 

Thanks,

Arunkumar.K

0 Likes
gun339 Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi Arunhclite,

I guess there is some problem on the server where the agent is installed.

Please try below steps to fix the issue.

1. Remove the agent from the server,

2. Reboot the server after deinstallation.

3. Install the agent agent

4. Generate the certificate request.<ovcert -certreq>

5. Grant either through command line or OMI GUI. <ovcm -listpending> copy the certificate and then grant <ovcm -grant "reqid">.

Regards

Gun

0 Likes
Highlighted
Arunhclite Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi Gun339,

Tried all the given steps except server reboot, because it is not quite easy to get approval for reboot.

So without that tried all the steps, still it didnt show up.

 

Thanks,
Arunkumar.K

0 Likes
gun339 Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi Arun,

First try this command from the agent node.

cscript oainstall.vbs -srv <management_server_host_name> -cert_srv <certificate_server_host_name>

 

OR

Second, certificate server cannot be resolved (could be due to a DNS issue or typo mistake) by Agent node.

1.Check configured OMi server name for Agent using ‘ovconfget sec.cm.client’
CERTIFICATE_SERVER=<OMi_servername>
2. If required then change OMi server name for Agent using ‘ovconfchg –edit’ and Check that the correct certificate server (FQDN) is in the following namespace:
[sec.cm.client]
CERTIFICATE_SERVER=<OMi_servername>

3.After making correction, retrigger the certificate request from the Agent "ovcert –certreq"


4.On the OMi system, the certificate request also needs to be granted. Use below given commands to view arrived certificate request and to grant request for Agent. "ovcm -listpending" and "ovcm -grant <requestid>"

5. To verify that the certificate request and grant was successful, execute the following command on Agent node "ovcert -list"

 

Regards

Gun

0 Likes
Acclaimed Contributor.. KAKA_2 Acclaimed Contributor..
Acclaimed Contributor..

Re: Certificate not showing in OMi console

Jump to solution

@Arunhclite - as you mentioned that this issue is seen only for few nodes i believe cert request is not even reaching to server. in such case it would be nice to see a trace of ovcert, while running 'ovcert -certreq' command.

-KAKA-

0 Likes
Arunhclite Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution

Hi Kaka,

 

I ran a normal traceroute to the OMI server from the managed server. It didnt completed successfully.

 

But it is the same case with a NO CERIFICATE issue server as well. So I hope this wont be the issue. Also let me know the command to run a traceroute for a specific command like ovcert -certreq

 

Thanks,

Arunkumar.K

0 Likes
gun339 Super Contributor.
Super Contributor.

Re: Certificate not showing in OMi console

Jump to solution
0 Likes
Outstanding Contributor.. SahilGupta Outstanding Contributor..
Outstanding Contributor..

Re: Certificate not showing in OMi console

Jump to solution

Hello @Arunhclite ,

 

Can you check if your server (monitored node) have more than 1 NIC cards? A few days back I did an RCA for a similar issue where the server had 2 NIC Cards. During  Telnet and ping request was going from Secondary (Internal) NIC and results were successful However, Certificate request was going out via primary (External) NIC which was blocking the traffic. (Modifying Server routes did not help)

Try to import certificate manually. Reference Link

1) On primary DPS Server: ovcm –issue –file “<output location where the certificate would be saved and name of the file>” –name <FQDN of the OA> -pass <password of your choice> -coreid <Core ID of the OA>

2) On monitored Node: ovcert –importcert –file <path to the certificate> -pass <pass>

 

#If the monitored node is in a different domain to that of your OMi servers, go to "Monitored Nodes" of OMi and select the server. Check if you see only "server name" or "server FQDN". If it's only server name, EDIT it to "Server FQDN" and validate the IP address(s).

Also, follow this link if you have issues with Core ID, click here.

 

Regards,
Sahil Gupta
0 Likes
sheberer Contributor.
Contributor.

Re: Certificate not showing in OMi console

Jump to solution

I've sen this happen if the server is multihomed meaning cert req goes out an interface that doesnt match the ip address thats in dns and mgmt server cant resolve. make sure if its multihomed you set the ip address in the agent config, restart the agent, and send the cert request see if that helps if this scenario exists for you

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.