StoreVirtual Storage

Re: Updates check from CMC not working anymore

 
SOLVED
Go to solution
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

Is that an internal DNS name?

> g1t6039.austin.hpecorp.net
Server: one.one.one.one
Address: 1.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to one.one.one.one timed-out

 

Please advise.

 

 

 

Edit:

I am assuming it is this one:
https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt

I have imported that into the keystore, as well as the Intermediate, and Trusted CA under both user, and computer context, and it is still not working. 

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@GFGAdmin 

 

I have attached the certificate.

Please use this one. 


Regards,
Rachna K
I am an HPE Employee

Accept or Kudo




Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

Certificate uploaded to the following FTP:

    Drop Box Host:    h1.ext.hpe.com  (15.241.164.75, Failover: 15.241.48.67)

    Login:            es881153

    Password Reference Number:  XD7ok*YK

 

 


Regards,
Rachna K
I am an HPE Employee

Accept or Kudo




Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
Bart_Heungens
Honored Contributor

Re: Updates check from CMC not working anymore

Hi,

When executing the command I get the following error

keytool -importcert -trustcacerts -alias alias -file "C:\Program Files (x86)\HP\StoreVirtual\UI\jre\bin\DigiCertTLSRSASHA2562020CA1.cer" -keystore "C:\Program Files (x86)\HP\StoreVirtual\UI\jre\bin" -storepass changeit

I started the DOS prompt with administrator rights...

--------------------------------------------------------------------------------
If my post was useful, clik on my KUDOS! "White Star" !
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

@Bart_Heungens 

Thats the command, not an error.  Make sure the paths you are selecting are appropriate for your environment.

@Rachna-K 

I have put that .cer in the trusted intermediate, and root authorities for both my logged on user, and the computer account.  The import was succesful into the key store, and I can list/view it.
Still a no go on the server communication.

Here is all the output:

This is the keytool adding and view to teh keystore in java/CMC.  Installed CMC local to my username to avoid running it as admin.


PS D:\Users\user\Documents\HPE\StoreVirtual\UI\jre\bin> .\keytool.exe -importcert -trustcacerts -alias digi256 -file .\DigiCertTLSRSASHA2562020CA1.cer -keystore keystore -storepass password
Certificate was added to keystore
PS D:\Users\user\Documents\HPE\StoreVirtual\UI\jre\bin> .\keytool.exe -list -keystore keystore
Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

digi256, Apr 16, 2021, trustedCertEntry,
Certificate fingerprint (SHA1): 69:38:FD:4D:98:BA:B0:3F:AA:DB:97:B3:43:96:83:1E:37:80:AE:A1

User Context - User context to the same user I am running the CMC as.
This is the intermediate store:
PS C:\Users\user> Get-ChildItem Cert:\CurrentUser\CA\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl

Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}

This is the CA store:
PS C:\Users\user> Get-ChildItem Cert:\CurrentUser\Root\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl

Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}


Local Machine Context:

This is the interemediate store:

PS Cert:\> Get-ChildItem Cert:\LocalMachine\CA\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl

Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}


This is the CA store:

PS Cert:\> Get-ChildItem Cert:\LocalMachine\Root\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl


Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}

 

Still a no go on the communications.  Restarted the CMC, and the machaine. 

Please advise.

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@GFGAdmin 

You have to point -keystore at the jre\lib\security\cacerts with that particular password


Regards,
Rachna K
I am an HPE Employee

Accept or Kudo




Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
Rachna-K
HPE Pro
Solution

Re: Updates check from CMC not working anymore

@Bart_Heungens 

Please use the following command:

 

keytool -importcert -trustcacerts -alias downloads.hpe.com -file DigiCertTLSRSASHA2562020CA1.cer -keystore "C:\Program Files (x86)\HPE\StoreVirtual\UI\jre\lib\security\cacerts" -storepass changeit

 

Alias is not specified in the command mentioned. 


Regards,
Rachna K
I am an HPE Employee

Accept or Kudo




Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
Bart_Heungens
Honored Contributor

Re: Updates check from CMC not working anymore

Hi,

I confirm that this works. My CMC downloaded some new patches for my setup.

Thanks for the support @Rachna-K , good job!

--------------------------------------------------------------------------------
If my post was useful, clik on my KUDOS! "White Star" !
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

There it is!!!!!

Thanks @Rachna-K that fixed me right up.  I appreciate the help!

LF1UK
Occasional Contributor

Re: Updates check from CMC not working anymore

Great, it is working. Thanks.