Resolving Sentinel's Certificate Constraint Issue

Resolving Sentinel's Certificate Constraint Issue

Some of you may have struck the Certificates does not conform to algorithm constraints issue with Sentinel and been a bit confused by the original response of "A proper resolution is to use custom certificates on the logging applications that use strong encryption (key sizes of 1024 or more). Once all applications have been updated, the restriction can be put back in place." as stated in TID 7014219.

When it comes to eDirectory, Identity Manager, iManager, and Access Manager, the default certificate is actually buried in the Platform Agent (PA) binaries that are distributed by each product, so requires patching from engineering to rectify.

Fixes are now available (most of the bugs are restricted to Attachmate employees, so you may get a "You are not authorized to access bug #xxxxxx" message if you try to view them).

eDirectory Bug 854994 was resolved in May 2014 and is available in eDirectory 88SP8 Patch 2 and eDirectory 88SP7 Patch 6 - note the instructions about manually updating the Instrumentation.

Identity Manager Bug 859236 is recently resolved and is available in the upcoming v4.5 release. If you run the current v4.0.2 release, you need to raise a Service Request to gain the patch from this bug (remember to reference the bug number in your SR).

When patching, make sure the lcache process is stopped when patching eDirectory and Identity Manager (doesn't stop with eDirectory):

ps -ef | grep -i lcache
kill -9 insert-lcache-pid-here

The lcache process will automatically start again with eDirectory.

Labels (1)

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
"pgrep lcache" (is shorter 😉
kill is enough, so, "kill insert-lcache-pid-here" works
Top Contributors
Version history
Revision #:
3 of 3
Last update:
‎2019-10-08 22:20
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.