HPE 3PAR StoreServ Storage

SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

 
Terberg
Occasional Advisor


We are getting permission denied when trying to move the keystore file (step 3 in the procedure).
Looking at the permissions, it looks like all the files under /opt/hpe/ssmc/ssmcbase/etc are owned by hpe3parssmcuser and ssmcadmin is unable to do anything (including chmod/chown). What are we missing?

Dardan
Trusted Contributor

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Hi,

Changing the SSMC certificate can be tricky when it comes to the directory permissions under the ssmcadmin user. This topic has already been discussed previously in this thread: SSMC 3.6 Custom Certificate. The issue is mostly if you miss the file or path name of the files you need to modify.

I wrote a procedure, HPE SSMC Custom Certificates, a while ago; if you follow these steps you should be able to replace your certificate.
Regards,
Dardan

 

Terberg
Occasional Advisor

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Hi Dardan,

 

The issue is file permissions.

I am following your procedure and it fails at step 2, moving the keystore file.
mv: cannot move 'keystore' to 'keystore.orig': Permission denied
-rw-rw---- 1 hpe3parssmcuser hpe3parssmcuser 9009 Aug 18 07:58 keystore

The ssmcadmin account does not have the right to move/rename the keystore file.


Regards,

Rene.

support_s
System Recommended

Query: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

System recommended content:

1. HPE SSMC 3.8 Administrator Guide | Creating and installing a CA-signed server certificate for SSMC

2. HPE SSMC 3.8.x Administrator Guide | Creating and installing a CA-signed server certificate for SSMC

 


Terberg
Occasional Advisor

Re: Query: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Hi Support_s,

The procedure is clear but it fails at the "mv keystore keystore.orig" with a permission denied.

 

Regards,

Rene.

Solution

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Starting with SSMC 3.8 the directory permissions of "/opt/hpe/ssmc/ssmcbase/etc" have changed.

The ssmcadmin user is not allowed to create new files. You can overwrite existing files, but creating a backup file in this directory will fail.

Instead use the ssmcadmin home-directory.

e.g. :

cp /opt/hpe/ssmc/ssmcbase/etc/keystore /home/ssmcadmin/keystore.orig

Let me know if you have any questions.

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
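
The workaround above, written out as an added example (not HPE's procedure or code): the hypothetical helper `backup_keystore` copies the key store into the first directory that accepts new files, creates the copy owner-only and verifies it. The `.orig` suffix and the paths in the closing comment come from the thread; the helper name and its behaviour are assumptions.

```shell
#!/bin/sh
# Added example: back up a key store into the first directory that accepts it.

# backup_keystore SRC DIR...
# Copies SRC to DIR/<name>.orig in the first usable DIR, prints the backup
# path and returns 0. Returns 1 if no backup could be made.
backup_keystore() {
    src=$1
    shift
    for dir in "$@"; do
        # Creating or renaming a file needs write and search permission on
        # the directory; the mode of the source file does not matter here.
        if [ ! -d "$dir" ] || [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
            continue
        fi
        dest="$dir/$(basename "$src").orig"
        # Keep an earlier backup rather than overwrite it.
        if [ -e "$dest" ]; then
            continue
        fi
        # The key store contains the server's private key, so the copy is
        # created owner-only instead of being tightened afterwards.
        if ! ( umask 077 && cp "$src" "$dest" ); then
            continue
        fi
        # Confirm the copy byte for byte before the original is touched.
        if cmp -s "$src" "$dest"; then
            printf '%s\n' "$dest"
            return 0
        fi
        rm -f "$dest"
    done
    return 1
}

# On the appliance (paths from the thread), run as ssmcadmin:
#   backup_keystore /opt/hpe/ssmc/ssmcbase/etc/keystore \
#       /opt/hpe/ssmc/ssmcbase/etc /home/ssmcadmin
```
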
Terberg
Occasional Advisor

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Hi Bertram,

 

Thanks for the info, that explains why the copy failed.

Now it fails at the next step, generating the keypair with keytool.

keytool -genkeypair –keystore keystore -storetype JKS -alias jetty -keyalg RSA -validity 365 -ext san=dns:nlgrpsmc01.terberg.com
Illegal option: –keystore
keytool -genkeypair [OPTION]...

Generates a key pair

Options:

-alias <alias> alias name of the entry to process
-keyalg <keyalg> key algorithm name
-keysize <keysize> key bit size
-sigalg <sigalg> signature algorithm name
-destalias <destalias> destination alias
-dname <dname> distinguished name
-startdate <startdate> certificate validity start date/time
-ext <value> X.509 extension
-validity <valDays> validity number of days
-keypass <arg> key password
-keystore <keystore> keystore name
-storepass <arg> keystore password
-storetype <storetype> keystore type
-providername <providername> provider name
-providerclass <providerclass> provider class name
-providerarg <arg> provider argument
-providerpath <pathlist> provider classpath
-v verbose output
-protected password through protected mechanism

Use "keytool -help" for all available commands

I am using the exact line as described in the examples but it tells me there is an illegal option.
The error message does not help pinpoint the issue.
I tried with and without the -ext option but that doesn't make any difference.

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

> I am using the exact line as described in the examples but it tells me there is an illegal option.

I got the same error message when I did a cut&paste from the Web-based SSMC 3.8.x Admin-Manual, and was able to fix this by manually re-typing the command-line. Looks like cut&paste has some extra characters.

Hope that helps.



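
A way to catch the copy-and-paste problem described above before running the command, as an added example that is not part of the original posts or the HPE guide: it flags any word containing non-ASCII bytes (such as an en dash in place of the hyphen) and prints an ASCII suggestion. The function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: screen a pasted command line for non-ASCII look-alikes.

# Look-alike characters built from their UTF-8 bytes, so this file stays ASCII.
EN_DASH=$(printf '\342\200\223')    # U+2013
EM_DASH=$(printf '\342\200\224')    # U+2014
MINUS=$(printf '\342\210\222')      # U+2212
LQUOTE=$(printf '\342\200\234')     # U+201C
RQUOTE=$(printf '\342\200\235')     # U+201D

# Succeeds only if every byte of $1 is printable ASCII.
is_plain_ascii() {
    # LC_ALL=C makes grep match single bytes, so any UTF-8 sequence is caught.
    if printf '%s\n' "$1" | LC_ALL=C grep -q '[^ -~]'; then
        return 1
    fi
}

# Prints each whitespace-separated word of $1 that contains a non-ASCII byte.
suspect_words() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | LC_ALL=C grep '[^ -~]' || true
}

# Prints $1 with the look-alikes above replaced by their ASCII equivalents.
normalize_cmd() {
    printf '%s\n' "$1" | LC_ALL=C sed \
        -e "s/$EN_DASH/-/g" -e "s/$EM_DASH/-/g" -e "s/$MINUS/-/g" \
        -e "s/$LQUOTE/\"/g" -e "s/$RQUOTE/\"/g"
}

# Constructed sample: a keytool line with an en dash before "keystore".
SAMPLE="keytool -genkeypair ${EN_DASH}keystore keystore -storetype JKS -alias jetty"

if ! is_plain_ascii "$SAMPLE"; then
    echo "non-ASCII characters in: $(suspect_words "$SAMPLE")"
    echo "suggested:               $(normalize_cmd "$SAMPLE")"
fi
```

Review the suggested line before running it: an argument value may legitimately contain non-ASCII text that should not be rewritten.
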
Terberg
Occasional Advisor

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Hi Bertram,

You are correct, typed it in manually and then it continues.

Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Now it wants a password, and I have no clue what it is.
Is there any way to recover or reset it?

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

> Now it wants a password, and I have no clue what it is.
> Is there any way to recover or reset it?

No, there is not.

Try "BuyMore3PAR!", which is the default password for the truststore, which is also documented in the admin-manual.

If that does not work, then best will be to reinstall the SSMC appliance. (install 3.8.0, then upgrade to 3.8.3).

It usually takes less than 30 minutes.

Hope that helps.

 



Terberg
Occasional Advisor

Re: SSMC 3.8.3.0.26 installing CA-Signed Certificate file access issue

Thanks.
The password didn't work.
A reinstall will be the quickest solution.