Updates check from CMC not working anymore

I have the same Problem cant update my Systems!

@oppemarc

There is an issue with the Certificates. We nee to add and update them manually.

Request you to raise a ticket with the Support for the same. 

@LF1UK 

We need to add the Certificates manually. Please have a ticket raised with the Support. 

I have manually added the CA and the downloads.hpe.com certificate to the keystore using the import function from keytool.

This did not resolve the issue. 

Please advise. 

Same problem here. Please fix this HPE - or publish the solution somewhere.

@GFGAdmin @Serverparken 

There is a digital certificate issue with the CMC and we have a workaround.

Please log a Case with the Support and we can assist you to perform the workaround. 

@Rachna-K  - Well, I suppose a lot of customers are having the same problem, so I would suggest that you instead publish the solution here in the forums...

@Serverparken 

Completely agreed.  

@Rachna-K 

To say 'we know we broke it, open a ticket so we can fix it' seems a little disingenuous.  If it broke, and HPE knows they broke it, then they should come out and state the fix.

@Serverparkenand @GFGAdmin

I understand. I was waiting for an official Advisory on this which will be released soon.

Please find below the workaround:

We need to install new DigiCert Public SSL Intermediate Certificates (SHA1) certificates on

• Host machine where CMC is installed.
• CMC Java runtime environment

DigiCert Certificate installation and import steps:

Step 1:  Login to Windows host where CMC is installed and make sure that internet connection is working properly on the same host.

Step 2: Download the new DigiCert certificate from below hyperlink.

New DigiCert Public SSL Intermediate Certificates under SHA1 Root

DigiCert TLS RSA SHA256 2020 CA1 (binary or DER)

Step 3:  Copy downloaded certificate “DigiCertTLSRSASHA2562020CA1.cer” into CMC installation directory (“C:\Program Files (x86)\HPE\StoreVirtual\UI\jre\bin”) and try to install it in machine (double click on certificate and install in windows host)

Double click on the Certificate to install on machine.

Click on ‘Install Certificate’

Click on “Next”

Click "OK" once the Import is successful.

Step 4: Open a command prompt in same directory path (“C:\Program Files (x86)\HPE\StoreVirtual\UI\jre\bin”) where CMC is installed.

Step 5: Run below keytool command to import the downloaded DigiCert certificate in JRE security which is used by CMC.

keytool –importcert –trustcacerts –alias <ALIASNAME> -file <PATH_TO_FILENAME_OF_THE_INSTALLED_CERTIFICATE> -keystore <PATH_TO_CACERTS_FILE> -storepass changeit

How to verify whether the imported certificate is added into ‘cacerts’ or not?

               Run below keytool command to verify :-

               keytool -list -keystore <PATH_TO_CACERTS_FILE> -alias <ALIASNAME>

(Enter keystore password: changeit )

Step 6: Close the CMC application instances and relaunch it again.

Step 7: Try to download the latest ‘upgrades.xml’ file thru CMC.