Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Steinar Saugsta1 Super Contributor.
Super Contributor.
986 views

OMi 10.11 and Certificates

Jump to solution

HI,

I have installed OMi 10.11 for Windows which stands behind a loadbalancer.
Access to the OMi is via https port 443.
Certificates are generated by OMi.
When accessing the OMi GUI via IE I have installed the certificate and then exported it.
The certificate has then been imported to another application from a 3rd. part (AppLink Clip) with keytool.
When this applicatioon tries to get access to the OMi, I get the following error message:

Connection to HP BSM OMi FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching project-prod.company.no found. Reconnection Attempt in 30 Seconds.

The DNS name is seen in the certificate, but still not able to connect to OMi via WEB Rest services.

When I connect directly to one of the OMi GWs its working fine.

The certificate has three entries for DNS:

#4: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: omigwp01.project.company.no
DNSName: project-prod.company.no     -->This is the VIP on the LB
DNSName: localhost

In the test environment it's working fine. but not in prod.

I also have a question about how OMi generate the info in the certrificates for DNS, will it just add the DNS for GWs and the VIP adress for the user access (and not VIP adress for data access) as seen in the Platform Administration > Host Configuration ?

Any suggestions?

Br.
Steinar S

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Steinar Saugsta1 Super Contributor.
Super Contributor.

Re: OMi 10.11 and Certificates

Jump to solution

The customer had enabled a SSL Profile on the LB. When this was disabled, everything was working fine.

0 Likes
2 Replies
David_B_OMi Absent Member.
Absent Member.

Re: OMi 10.11 and Certificates

Jump to solution

Hello 

In regards this, what I understand is that the GW server has the load balancer certificates but could you confirm that on the Load balancer the certificates of the GW are preset as well as the load balancer certificates themselves?

Also on the Administration Guide > Additional Configuration > High Availability > Load Balancing for the Gateway Server, could you confirm that you have follow the step 5 “Configure the load balancer for data collector access”?

 

Best regards

0 Likes
Highlighted
Steinar Saugsta1 Super Contributor.
Super Contributor.

Re: OMi 10.11 and Certificates

Jump to solution

The customer had enabled a SSL Profile on the LB. When this was disabled, everything was working fine.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.