StoreVirtual Storage
1829147 Members
2647 Online
109986 Solutions
New Discussion

Updates check from CMC not working anymore

 
SOLVED
Go to solution
LF1UK
Occasional Contributor

Updates check from CMC not working anymore

Checking for updates or view notifications in CMC doesn't work anymore. Last working check was few weeks ago. The HTTPS address CMS is using for checking news is https://downloads.hpe.com/pub/StoreVirtual/CMC/
but is shows:

Forbidden

You don't have permission to access /pub/StoreVirtual/CMC/ on this server.

Can HPE restore the access? StoreVirtual licences are still under valid support contract.

20 REPLIES 20
oppemarc
Occasional Contributor

Re: Updates check from CMC not working anymore

I have the same Problem cant update my Systems!

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@oppemarc

There is an issue with the Certificates. We nee to add and update them manually.

Request you to raise a ticket with the Support for the same. 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@LF1UK 

We need to add the Certificates manually. Please have a ticket raised with the Support. 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

I have manually added the CA and the downloads.hpe.com certificate to the keystore using the import function from keytool.

This did not resolve the issue. 

Please advise. 

Serverparken
Occasional Advisor

Re: Updates check from CMC not working anymore

Same problem here. Please fix this HPE - or publish the solution somewhere.

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@GFGAdmin @Serverparken 

There is a digital certificate issue with the CMC and we have a workaround.

Please log a Case with the Support and we can assist you to perform the workaround. 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Serverparken
Occasional Advisor

Re: Updates check from CMC not working anymore

@Rachna-K  - Well, I suppose a lot of customers are having the same problem, so I would suggest that you instead publish the solution here in the forums...

GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

@Serverparken 

Completely agreed.  

@Rachna-K 

To say 'we know we broke it, open a ticket so we can fix it' seems a little disingenuous.  If it broke, and HPE knows they broke it, then they should come out and state the fix.

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@Serverparkenand @GFGAdmin

 

I understand. I was waiting for an official Advisory on this which will be released soon.

 

Please find below the workaround:

 

We need to install new DigiCert Public SSL Intermediate Certificates (SHA1) certificates on

  • Host machine where CMC is installed.
  • CMC Java runtime environment

 

DigiCert Certificate installation and import steps:

 

Step 1:  Login to Windows host where CMC is installed and make sure that internet connection is working properly on the same host.

 

Step 2: Download the new DigiCert certificate from below hyperlink.

New DigiCert Public SSL Intermediate Certificates under SHA1 Root

 DigiCert TLS RSA SHA256 2020 CA1 (binary or DER) 

[Edited by Admin: Removed expired link. Please refer to the discussions below to find the new updated link]

 

Step 3:  Copy downloaded certificate “DigiCertTLSRSASHA2562020CA1.cer” into CMC installation directory (“C:\Program Files (x86)\HPE\StoreVirtual\UI\jre\bin”) and try to install it in machine (double click on certificate and install in windows host)

 

Double click on the Certificate to install on machine.

 

Click on ‘Install Certificate’

 

Click on “Next”

 

Click "OK" once the Import is successful.

 

 

Step 4: Open a command prompt in same directory path (“C:\Program Files (x86)\HPE\StoreVirtual\UI\jre\bin”) where CMC is installed.

 

Step 5: Run below keytool command to import the downloaded DigiCert certificate in JRE security which is used by CMC.

                             

keytool –importcert –trustcacerts –alias <ALIASNAME> -file <PATH_TO_FILENAME_OF_THE_INSTALLED_CERTIFICATE> -keystore <PATH_TO_CACERTS_FILE> -storepass changeit

 

How to verify whether the imported certificate is added into ‘cacerts’ or not?

               Run below keytool command to verify :-

               keytool -list -keystore <PATH_TO_CACERTS_FILE> -alias <ALIASNAME>

 

(Enter keystore password: changeit )

 

Step 6: Close the CMC application instances and relaunch it again.

 

Step 7: Try to download the latest ‘upgrades.xml’ file thru CMC.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

Is that an internal DNS name?

Server: one.one.one.one
Address: 1.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to one.one.one.one timed-out

 

Please advise.

 

 

 

Edit:

I am assuming it is this one:
https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt

I have imported that into the keystore, as well as the Intermediate, and Trusted CA under both user, and computer context, and it is still not working. 

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@GFGAdmin 

 

I have attached the certificate.

Please use this one. 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

Certificate uploaded to the following FTP:

    Drop Box Host:    h1.ext.hpe.com  (15.241.164.75, Failover: 15.241.48.67)

    Login:            es881153

    Password Reference Number:  XD7ok*YK

 

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Bart_Heungens
Honored Contributor

Re: Updates check from CMC not working anymore

Hi,

When executing the command I get the following error

keytool -importcert -trustcacerts -alias alias -file "C:\Program Files (x86)\HP\StoreVirtual\UI\jre\bin\DigiCertTLSRSASHA2562020CA1.cer" -keystore "C:\Program Files (x86)\HP\StoreVirtual\UI\jre\bin" -storepass changeit

I started the DOS prompt with administrator rights...

--------------------------------------------------------------------------------
If my post was useful, clik on my KUDOS! "White Star" !
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

@Bart_Heungens 

Thats the command, not an error.  Make sure the paths you are selecting are appropriate for your environment.

@Rachna-K 

I have put that .cer in the trusted intermediate, and root authorities for both my logged on user, and the computer account.  The import was succesful into the key store, and I can list/view it.
Still a no go on the server communication.

Here is all the output:

This is the keytool adding and view to teh keystore in java/CMC.  Installed CMC local to my username to avoid running it as admin.


PS D:\Users\user\Documents\HPE\StoreVirtual\UI\jre\bin> .\keytool.exe -importcert -trustcacerts -alias digi256 -file .\DigiCertTLSRSASHA2562020CA1.cer -keystore keystore -storepass password
Certificate was added to keystore
PS D:\Users\user\Documents\HPE\StoreVirtual\UI\jre\bin> .\keytool.exe -list -keystore keystore
Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

digi256, Apr 16, 2021, trustedCertEntry,
Certificate fingerprint (SHA1): 69:38:FD:4D:98:BA:B0:3F:AA:DB:97:B3:43:96:83:1E:37:80:AE:A1

User Context - User context to the same user I am running the CMC as.
This is the intermediate store:
PS C:\Users\user> Get-ChildItem Cert:\CurrentUser\CA\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl

Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}

This is the CA store:
PS C:\Users\user> Get-ChildItem Cert:\CurrentUser\Root\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl

Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}


Local Machine Context:

This is the interemediate store:

PS Cert:\> Get-ChildItem Cert:\LocalMachine\CA\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl

Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}


This is the CA store:

PS Cert:\> Get-ChildItem Cert:\LocalMachine\Root\ | where {$_.thumbprint -eq "6938FD4D98BAB03FAADB97B34396831E3780AEA1"} | fl


Subject : CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer : CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint : 6938FD4D98BAB03FAADB97B34396831E3780AEA1
FriendlyName :
NotBefore : 9/23/2020 7:00:00 PM
NotAfter : 9/23/2030 6:59:59 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}

 

Still a no go on the communications.  Restarted the CMC, and the machaine. 

Please advise.

Rachna-K
HPE Pro

Re: Updates check from CMC not working anymore

@GFGAdmin 

You have to point -keystore at the jre\lib\security\cacerts with that particular password



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Rachna-K
HPE Pro
Solution

Re: Updates check from CMC not working anymore

@Bart_Heungens 

Please use the following command:

 

keytool -importcert -trustcacerts -alias downloads.hpe.com -file DigiCertTLSRSASHA2562020CA1.cer -keystore "C:\Program Files (x86)\HPE\StoreVirtual\UI\jre\lib\security\cacerts" -storepass changeit

 

Alias is not specified in the command mentioned. 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Bart_Heungens
Honored Contributor

Re: Updates check from CMC not working anymore

Hi,

I confirm that this works. My CMC downloaded some new patches for my setup.

Thanks for the support @Rachna-K , good job!

--------------------------------------------------------------------------------
If my post was useful, clik on my KUDOS! "White Star" !
GFGAdmin
Occasional Advisor

Re: Updates check from CMC not working anymore

There it is!!!!!

Thanks @Rachna-K that fixed me right up.  I appreciate the help!

LF1UK
Occasional Contributor

Re: Updates check from CMC not working anymore

Great, it is working. Thanks.

Macros
Occasional Advisor

Re: Updates check from CMC not working anymore

@Rachna-K- Thanks for posting the solution.  Saved me a bit of time with calling into support.

Quick note that the certificate link posted earlier in the thread no longer downloads.  I pulled one from Digicert's site (https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt) instead.  Then just slighly modified Rachna's command script to change DigiCertTLSRSASHA2562020CA1.cer to DigiCertTLSRSASHA2562020CA1.crt.

After reloading the CMC, all is well again with the world.  Thanks everyone on this thread as well!