Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Certificate not Installed on the Node

News HP Operations Manager Recommended Links Changing OVcoreid of the node due to mismatch Undefined certificate state
Policies Default Policy Groups node groups Humor Etc

This situation is visible both on the node and from the admin GUI.

The first approach is to trigger new certificate request:

Now the agent is running and triggered the certificate request...

The second path is to install it manually

Try re-adding the node to management server with manual certificate

  1. Delete the node from management server
    opcnode -del_node node_name=<nodename> net_type=NETWORK_IP 
  2. On the node
    ovc -stop 
    remove all certificates using /opt/OV/bin/ovcert -remove

    /opt/OV/bin/ovcoreid -create -force 
  3. Remove old queues
    rm -f /var/opt/OV/tmp/OpC/* 
  4. Restart the agent
    ovc -start
  5. Add the node in management server using FQDN
     

  6. Change the id of nodein management server
    opcnode -chg_id node_name=<nodename> id=<newcoreid from node> 
  7. Manually issue certificate
    /opt/OV/bin/OpC/opccsacm -issue -name <Managed node name> -coreid <coreid of 
    node> -file/tmp/cert_test -pass <password>

    Note: Donot forget the password.

    6. Copy the certificate file /tmp/cert_test to the same location in the managed node.
     

  8. On the node , import the certificate by executing the below command in the managed node,

    /opt/OV/bin/ovcert -import -file /tmp/cert_test -pass <password>. 
    Now excecute
    /opt/OV/bin/ovcert -updatetrusted

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

IT Resource Center forums - OVO Agent Certificate request problem

1.Delete the node from management server
opcnode -del_node node_name=<nodename> net_type=NETWORK_IP

2.On the node
ovc -stop
remove all certificates using /opt/OV/bin/ovcert -remove
create new coreid
/opt/OV/bin/ovcoreid -create -force
Remove old queues
rm -f /var/opt/OV/tmp/OpC/*
ovc -start

3.Add the node in management server using FQDN

4.Change the id of nodein management server
opcnode -chg_id node_name=<nodename> id=<newcoreid from node>

5.manually issue certificate
/opt/OV/bin/OpC/opccsacm -issue -name <Managed node name> -coreid <coreid of node> -file/tmp/cert_test -pass <password>
Note: Donot forget the password.

6.Copy the certificate file /tmp/cert_test to the same location in the managed node.

7.On the node , import the certificate by executing the below command in the managed node,
/opt/OV/bin/ovcert -import -file /tmp/cert_test -pass <password>.
Now excecute "/opt/OV/bin/ovcert -updatetrusted"

IT Resource Center forums - OVO agent communcatio error - This thread has been closed

saravanaa Aug 6, 2009 10:58:04 GMT

-------------------------------------------------------------------------------- Hi Experts,

Am facing a critical issue on the communication between the agent and the server.. As work around I just removed the certificates from the OV agent managed node. After this I tried to issue a cert request but it failed. also am not able to start the agent on the managed node.

here is the error in system.txt file...

WRN: Thu Aug 06 04:08:18 2009: ovbbccb (3828/2364): (bbc-90) The incoming HTTPS client connection from host 127.0.0.1 failed due to the SSL error: 1: WRN: Thu Aug 06 04:08:18 2009: ovbbccb (3828/2364): (sec.core-106) Could not get certificate for alias 'dacd7482-ad0e-7530-0c0d-f3391572d6de'. 2: WRN: Thu Aug 06 04:08:18 2009: ovbbccb (3828/2364): (sec.core-25) No certificate for alias 'dacd7482-ad0e-7530-0c0d-f3391572d6de' is installed.

C:\>ovcert -certreq ERROR: (sec.cm.client-133) Could not trigger certificate request. (bbc-71) There is no server process active for address: http:// localhost/com.hp.ov.sec.cm.certificateclient/rpc2/.

C:\>ovc -start

gives no output... the agent version is 8.14

Any help appreciated

Thanks, Sarav

Sort Answers By: Date or Points

rareman Aug 6, 2009 11:15:47 GMT 2 pts

-------------------------------------------------------------------------------- re-install agent

saravanaa Aug 6, 2009 11:41:56 GMT N/A: Question Author

-------------------------------------------------------------------------------- I would like to know what is the issue behind this.... Also looking for any other solution other than Re-install agent.

Thanks, Sarav

Larry Klasmier Aug 6, 2009 11:47:23 GMT 3 pts

-------------------------------------------------------------------------------- What is the output from the following: managed node: ovcoreid ovcert -list ovcert -status

Management node: opcnode -list_id node_list=<managed node>

Larry

saravanaa Aug 6, 2009 11:54:26 GMT N/A: Question Author

-------------------------------------------------------------------------------- C:\>ovcert -status Status: Undefined (Certificate Client could not be contacted).

C:\>ovcoreid dacd7482-ad0e-7530-0c0d-f3391572d6de

C:\>ovcert -list +---------------------------------------------------------+ | Keystore Content | +---------------------------------------------------------+ | Certificates: | +---------------------------------------------------------+ | Trusted Certificates: | +---------------------------------------------------------+

John von Gunten Aug 6, 2009 14:20:55 GMT 6 pts

-------------------------------------------------------------------------------- Make sure that the node can see the certificate server and port 383 is open. Also, do "ovconfchg -edit" to look at the configuration file and make sure that the correct certificate server and coreid are entered. If they aren't, add them (look for proper syntax on other nodes) and restart the agent.

Pat Campbell Aug 6, 2009 18:03:41 GMT 1 pts

-------------------------------------------------------------------------------- what error was returned when you ran "ovcert -certreq" on the managed node?

AsHiSh JoHaRi Aug 6, 2009 19:20:39 GMT 2 pts

-------------------------------------------------------------------------------- /opt/OV/contrib/OpC/opcsystst -a > /tmp/hpout 2>&1

Run this command & Send us the o/p...

AsHiSh JoHaRi Aug 6, 2009 19:22:15 GMT 4 pts

-------------------------------------------------------------------------------- Also analyse the o/p of:--

bash-3.00# /opt/OV/bin/bbcutil -reg

NOTE: Sending query to OV Communication Broker at path: 'https://localhost:383/'

BasePath=/Hewlett-Packard/OpenView/Coda/ Protocol=HTTPS BindAddress=localhost Port=38018 Authentication=NONE BasePath=/com.hp.ov.conf.core/bbcrpcserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=REMOTE BasePath=/com.hp.ov.conf.core/checkpolicy/bbcrpcserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=REMOTE BasePath=/com.hp.ov.ctrl.ovcd/ Protocol=HTTPS BindAddress=localhost Port=37935 Authentication=REMOTE BasePath=/com.hp.ov.depl/bbcfxserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=ALL BasePath=/com.hp.ov.depl/bbcrpcserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=ALL BasePath=/com.hp.ov.eaagt.actr/ Protocol=HTTPS BindAddress=localhost Port=38020 Authentication=ALL BasePath=/com.hp.ov.eaagt.msga.hbp/ Protocol=HTTPS BindAddress=localhost Port=38023 Authentication=NONE BasePath=/com.hp.ov.sec.cm.certificateclient/msg/ Protocol=HTTPS BindAddress=localhost Port=37931 Authentication=NONE BasePath=/com.hp.ov.sec.cm.certificateclient/rpc1/ Protocol=HTTPS BindAddress=localhost Port=37931 Authentication=ALL BasePath=/com.hp.ov.sec.cm.certificateclient/rpc2/ Protocol=HTTPS BindAddress=localhost Port=37931 Authentication=REMOTE

saravanaa Aug 7, 2009 04:56:28 GMT N/A: Question Author

-------------------------------------------------------------------------------- The problem got resolved...

Here is the steps I did to resolve it...

1. I have removed the line CERT_INSTALLED=TRUE from the configuration file.

2. Started the ovbbccb service... Now the agent is running and triggered the certificate request...

Thank you for all your efforts!

Thanks, Sarav