Highlighted
Absent Member.. GTrejos7 Absent Member..
Absent Member..
213 views

[Support Tip] ovcert -certreq shows error "Could not trigger certificate request"

Trying to install OVO agent version 11.11.025 in a Linux 2.6 server
Installation went well and agent started but no certificate request have been triggered to the Management Server.  
When trying to request one with ovcert -certreq, it produces this error:
# ovcert -certreq
ERROR:   (sec.cm.client-133) Could not trigger certificate request.
SoapFaultException:
faultcode: Server.InternalError
faultstring: Unknown internal server error.
faultactor: http://localhost:383/com.hp.ov.sec.cm.certificateclient/rpc2/

# ovcert -check

OvCoreId set                       : OK
Private key installed              : FAILED
Certificate installed              : FAILED
Certificate valid                  : FAILED
Trusted certificates installed     : FAILED
Trusted certificates valid         : FAILED

Check failed.
# ovcert -list
+---------------------------------------------------------+

Keystore Content

+---------------------------------------------------------+

Certificates:

+---------------------------------------------------------+

Trusted Certificates:
+---------------------------------------------------------+

Cause:

It was found that the /etc/issue file contents conversion from CharArray_t to String_t raises default execption. This exception is not handled.



Solution

Do the following:

Create Certificate manually.

To manually create install the certificate do the following:
1) According with the information that you provided the following is the ovcoreid about cbscclr281p

Cmd executed : /opt/OV/bin/ovcoreid
****************************************
87c06bcc-b0bc-7566-1c1d-9abda10935b5

We will need this in step #3.

2) And also the previous outputs from the OVO Mgmt Server match with our previous one:
#/opt/OV/bin/OpC/utils/opcnode -list_id node_list=abc.net

List of IDs for node(s):
Name = abc.net                ID = 87c06bcc-b0bc-7566-1c1d-9abda10935b5



3) On OVO Mgmt Server execute the following:
# ovcm -issue -file /tmp/node.cert -name abc.net -pass certpass -coreid 87c06bcc-b0bc-7566-1c1d-9abda10935b5

4) Copy the resulting  '/tmp/node.cert' file from the OVO Mgmt Server to the directory '/tmp' on the Node abc.net

5) On Node abc.net:
# ovcert -importcert -file /tmp/node.cert -pass certpass
# ovcert -list          (You should now see the certificate information)
# ovcert -check      (All cert items should show "OK")


Manually exchanging certificates allows the agent to properly communicate with the OM server.

If manually installing the certificates is not acceptable there is also a hotfix available:

http://support.openview.hp.com/selfsolve/document/LID/QCCR1A165707





HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
If you liked it I would appreciate KUDOs.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.