Server Management - Systems Insight Manager
1748283 Members
4037 Online
108761 Solutions
New Discussion

Re: vca and use certificate to connect to vcrm

 
NJK-Work
Honored Contributor

Re: vca and use certificate to connect to vcrm

This solution no longer works for me with the latest SMH.  From what I can tell, HP is now generating certificates with the FQDN of the host and this no longer matches with what the VCAgent <-> VC Repository communication is looking for.  They used to create certificates with just the hostname and I think that is what the VC Repository is looking for as a match with the certificate; now that it is a FQDN, they do not match up and the connection fails.  You have to go back to the Username/Password method.  I even tried setting an alternative name with the SMH GUI, but that still does not work.

 

NK

Robert Egloff
Frequent Advisor

Re: vca and use certificate to connect to vcrm

And the same... I can't get it to work by certificate either. But it does with a username/password.

 

Everything *should* be in order for the certificates too - generated one with the SIM Server, exported it, and then added it under the trust on the client server... So in the same boat - and I just downloaded and installed the newest of all of this today.

 

SHM 7.3.1.4

VCA 7.3.2.0

VCRM 7.3.2.0

 

Glad it wasn't just me I suppose :)

i3laze
Frequent Visitor

Re: vca and use certificate to connect to vcrm


jim goodman wrote:

I did hear back - Basically it is kinda backwards from what I think it should be

The SSO is a SMH hosting the VCA to SMH hosting the VCRM

The SMH hosting the VCRM needs to have the SMH Certificate of the SMH hosting the VCA

So for every VCA you want to have SSO to VCRM, you have to add the certificate of the SMH hosting the VCA

It is a manual process so if you have 3000 VCA's you want to have SSO with the VCRM you will need to install each certificate for each SMH hosting VCA one at a time.


Looks like, the correct way to collect all certs from VCAs is mentioned in HP SIM as a Repair action:

"Import Secure Sockets Layer (SSL) certificate of the managed system to HP SIM.  This lets HP SIM trust the System Management Homepage of the managed system.  To run this option SSH service should be running on target systems."

Although I'm not fond of installing OpenSSH everywhere.