Henry.Alberto

(OMU) Support Tip: How to back up and restore the OMU certificates and private key on the MS

It is good practice to back up your Management Server certificates. Don't forget to incorporate this procedure at your site, for example if you have to do some integration from OMU to Omx, configure a MoM environment, or attach a new trust server.

 

1. The following outputs are for reference and describe my Management Server environment.

 

[root@RHCS02 ~]# opcsv -version

@(#)HP Operations Manager 09.20.190 (05/16/14)

 

[root@RHCS02 ~]# uname -a

Linux RHCS02 2.6.18-371.11.1.el5 #1 SMP Mon Jun 30 04:51:39 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux

 

2. Before creating the certificate backup, double-check the state of the certificates and of the server processes. If something is wrong, fix the problem first; don't create a backup that cannot be used in the future.

 

[root@RHCS02 ~]# ovcert -check

 

OvCoreId set                       : OK

Private key installed             : OK

Certificate installed             : OK

Certificate valid                 : OK

Trusted certificates installed     : OK

Trusted certificates valid         : OK

 

 

[root@RHCS02 bin]# ovc -status

adminui     HPOM Administration UI Server       SERVER,OPC,UI (13563) Running

coda       OV Performance Core                 COREXT       (12342) Running

opcacta     OVO Action Agent                   AGENT,EA     (10683) Running

opcactm     OMU Action Manager                 SERVER,OPC   (23248) Running

opcbbcdist OMU BBC Config Adapter             SERVER,OPC   (23547) Running

opccsad     OMU Cert. Server Adapter           SERVER,OPC   (22790) Running

opcdispm   OMU Display Manager                 SERVER,OPC   (21840) Running

opcesf     OMU Event Storm Filter             SERVER,OPC   (22468) Running

opcforwm   OMU Forward Manager                 SERVER,OPC   (23392) Running

opchcd     OMU Agent Health Check             SERVER,OPC   (23705) Running

opchealth   OMU Health Monitoring Engine       SERVER,OPC   (12661) Running

opcmona     OVO Monitor Agent                   AGENT,EA     (9089)   Running

opcmsga     OVO Message Agent                   AGENT,EA     (11413) Running

opcmsgi     OVO Message Interceptor             AGENT,EA     (10526) Running

opcmsgm     OMU Message Manager                 SERVER,OPC   (22138) Running

opcmsgrb   OMU Message Receiver (HTTPS)       SERVER,OPC   (13323) Running

opcsvcam   OMU Svc. Nav. Action Manager       SERVER,OPC   (10832) Running

opcsvcdisc OMU Service Discovery Server       SERVER,OPC   (12494) Running

opcsvcm     OMU Service Engine                 SERVER,OPC   (22618) Running

opcttnsm   OMU TT & Notify Manager             SERVER,OPC   (23088) Running

opcuihttps OMU HTTPS Communication Proxy       SERVER,OPC   (13175) Running

ovbbccb     OV Communication Broker             CORE         (8440)   Running

ovcd       OV Control                         CORE         (8429)   Running

ovconfd     OV Config and Deploy               COREXT       (9061)   Running

ovcs       OV Certificate Server               SERVER       (9167)   Running

ovoareqsdr OMU Request Sender                 SERVER,OPC   (21989) Running

ovtomcatB   OV Tomcat(B) Servlet Container     WEB,SERVER   (10207) Running

 

 

3. If the ovcert -check output is OK and the processes are running, you can use opcsvcertbackup to generate your certificate backup. You can get additional information using the -h parameter.

 

 

[root@RHCS02 bin]# opcsvcertbackup -h

 

Usage: opcsvcertbackup [ -force ]

                       [ -remove | { -backup | -restore }

                       [ -passwd <password> ] ]

                       [ -file <archive> ] ]

Backs up and restores local HPOM certificates and keys.

Main modes are -backup and -restore.

Option -file allows to specify a custom archive file name,

default is opcsvcertbackup.YYMMDD_hhmmss.tar. For restore,

this option has to be specified.

Mode -remove removes all local keys and certificates after

creating an automatic backup.

Option -passwd specifies the password with which the exported

certificates will be encrypted. This password will be needed

when restoring.

 

 

4. The following is a certificate backup example using the -backup parameter:

 

 

[root@RHCS02 tmp]# opcsvcertbackup -backup -passwd mypwd -file /tmp/svr_certificates.bkp

Info: Performing backup of HPOM Server certificate data.

     Archive is /tmp/svr_certificates.bkp.

Info: Determining core IDs ...

Info: Local system is not member of a HA cluster.

Info: Extracting server certificates ...

INFO:   Certificate has been successfully exported to file '/tmp/30847/

         1eabe00c-b54f-7575-0b38-c9230c4fd030.phys.cert'.

INFO:   Certificate has been successfully exported to file '/tmp/30847/

         1eabe00c-b54f-7575-0b38-c9230c4fd030.log.cert'.

Info: Extracting trusted certificates ...

INFO:   Trusted certificates have been successfully exported to file '/tmp/

         30847/trusted.phys.cert'.

INFO:   Trusted certificates have been successfully exported to file '/tmp/

         30847/trusted.log.cert'.

Info: Extracting CA certificate ...

INFO:   CA certificate was successfully exported to file '/tmp/30847/CA.cert'.

Info: Archiving export files into /tmp/svr_certificates.bkp ...

1eabe00c-b54f-7575-0b38-c9230c4fd030.phys.cert

1eabe00c-b54f-7575-0b38-c9230c4fd030.log.cert

trusted.phys.cert

trusted.log.cert

CA.cert

opcsvcertbackup.20150819_080104.txt

/tmp

Info: Removing temporary files ...

Info: All done. Exiting.

 

5. Save the certificate backup in a safe place; in my case the file is svr_certificates.bkp.

 

[root@RHCS02 tmp]# ls -al svr_certificates.bkp

-r-------- 1 root root 20480 Aug 19 08:01 svr_certificates.bkp

 

 

6. If you need to use the certificate backup, you can restore it using the same command with the -restore parameter. Example:

 

 

[root@RHCS02 tmp]# opcsvcertbackup -force -restore -passwd mypwd -file /tmp/svr_certificates.bkp

Info: Performing restore of HPOM Server certificate data.

     Archive is /tmp/svr_certificates.bkp.

Info: Determining core IDs ...

Info: Local system is not member of a HA cluster.

Info: Stopping ovc ...

Info: ovc running. Killing due to -force ...

Info: Unpacking archived certificate files from /tmp/svr_certificates.bkp ...

1eabe00c-b54f-7575-0b38-c9230c4fd030.phys.cert

1eabe00c-b54f-7575-0b38-c9230c4fd030.log.cert

trusted.phys.cert

trusted.log.cert

CA.cert

opcsvcertbackup.20150819_080104.txt

Info: HPOM Certificate backup archive

     Created on:         Wed Aug 19 08:01:05 CST 2015

     Hostname:           RHCS02

     Physical Core ID:   1eabe00c-b54f-7575-0b38-c9230c4fd030

     Logical HA Core ID: 1eabe00c-b54f-7575-0b38-c9230c4fd030

Info: Validating core IDs in archive ...

Info: Core ID in archive matches local core ID.

Info: Logical HA Core ID in archive matches local logical core ID.

Info: Removing certificates ...

Info: Removing certificate 1eabe00c-b54f-7575-0b38-c9230c4fd030 ...

INFO:   Certificate has been successfully removed.

Info: Removing certificate CA_1eabe00c-b54f-7575-0b38-c9230c4fd030_2048 ...

INFO:   Certificate has been successfully removed.

Info: Removing shared HA certificates ...

Info: Removing certificate 1eabe00c-b54f-7575-0b38-c9230c4fd030 ...

INFO:   Certificate has been successfully removed.

Info: Removing certificate CA_1eabe00c-b54f-7575-0b38-c9230c4fd030_2048 ...

INFO:   Certificate has been successfully removed.

Info: Importing server certificates ...

INFO:   Import operation was successful.

INFO:   Import operation was successful.

Info: Importing trusted certificates ...

INFO:   Import operation was successful.

INFO:   Import operation was successful.

Info: Importing CA certificate ...

INFO:   Import operation was successful.

Info: Removing temporary files ...

Info: All done. Exiting.
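
The checks in steps 2, 3 and 5 can be scripted so a backup is only taken from a healthy server and the resulting archive is verified before it is stored. The following is an added example, not part of the original post or of HPOM: the function names, the sample output and the status strings FAILED and Stopped are constructed, and it assumes the archive is a plain tar file with the member names shown in step 4.

```shell
#!/bin/sh
# Added example (not from the original post): gate and verify an opcsvcertbackup run.
# The parsers read command output on stdin, so they can be exercised offline.

# Succeeds only if every "item : status" line of `ovcert -check` reports OK.
certs_ok() {
    awk -F' *: *' 'NF == 2 { n++; if ($2 ~ /^OK[ \t\r]*$/) ok++ }
                   END { exit !(n > 0 && ok == n) }'
}

# Prints each `ovc -status` component whose last column is not "Running";
# succeeds only if there is none.
not_running() {
    awk 'NF > 0 && $NF != "Running" { print $1; bad = 1 } END { exit bad + 0 }'
}

# Succeeds if group and others have no permission bits on the archive
# (step 5 shows -r-------- root root).
owner_only() {
    ls -ld -- "$1" | awk '{ exit (substr($1, 5, 6) != "------") }'
}

# Succeeds if the archive holds the members listed in the post's backup run.
# Assumption: the archive is a plain tar file with bare member names.
archive_complete() {
    list=$(tar -tf "$1") || return 1
    for m in trusted.phys.cert trusted.log.cert CA.cert; do
        printf '%s\n' "$list" | grep -qxF "$m" || return 1
    done
    printf '%s\n' "$list" | grep -q '^[0-9a-f-]\{36\}\.phys\.cert$' &&
    printf '%s\n' "$list" | grep -q '^[0-9a-f-]\{36\}\.log\.cert$'
}

# Constructed sample output (not captured from a real server).
SAMPLE_CHECK='OvCoreId set                       : OK
Private key installed             : OK
Certificate valid                 : FAILED'
SAMPLE_STATUS='ovcd       OV Control             CORE     (8429)  Running
ovcs       OV Certificate Server  SERVER           Stopped'

# On the management server: ovcert -check | certs_ok && ovc -status | not_running
printf '%s\n' "$SAMPLE_CHECK" | certs_ok || echo "certificate check not clean"
printf '%s\n' "$SAMPLE_STATUS" | not_running || echo "^ not running, fix before backup"
```

The -passwd value is given on the command line, where it is visible in the process list and shell history, so the owner-only mode shown in step 5 should be preserved when the archive is moved out of /tmp.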

 

 
