- Community Home
- >
- Networking
- >
- IMC
- >
- Re: Certificate in iMC
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-07-2009 06:40 AM
09-07-2009 06:40 AM
Certificate in iMC
(will prevent the annoying allow certificates too!)
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2012 02:59 AM
04-24-2012 02:59 AM
Re: Certificate in iMC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2012 07:57 AM
08-20-2012 07:57 AM
Re: Certificate in iMC
Hi,
Well done with the blog, this is what I'd worked out sometime ago too :) ..
Now heres a new one for you... v5 SP1, has this changed as it looks like it... Is the new keystore file "newks" instead of "keystore"?
It appears that just using the previous cert keystore that I've been using with all the previous versions doesn't work if you just use it like before...
Any advice or knowledge of the changes to the certs in SP1?
Cheers!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2013 12:46 AM
01-15-2013 12:46 AM
Re: Certificate in iMC
You've probably worked it out by now, but yeah, it seems that newks is now used, and that the default storepass is now iMCV500R001
Look in C:\Progam Files\iMC\client\conf\applicationContexts.xml. That defines the keystore to be used, and the password.
I'll be digging into this some more tomorrow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2013 04:49 AM
06-07-2013 04:49 AM
Re: Certificate in iMC
I've just been down this path, and thought I'd followed it religiously, but the jserver process starts with errors and there is now no IMC web service, though ports 8080 and 8443 are listening. Any ideas?
The IMC Monitoring Agent says the jserver process status is "Error occurred in process startup. For details see the log." What log?
A listing of the keystore is attached.
Any help gratefully received.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2013 04:50 AM
06-07-2013 04:50 AM
Re: Certificate in iMC
Thought I'd added an attachment but it seems to have got lost. Here it is below...
C:\Program Files\iMC\client\security>keytool -list -v -keystore .\newks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: 1 Creation date: Jun 7, 2013 Entry type: PrivateKeyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=win2k-imc.aarons.net, O=Aarons Inc, ST=GB, C=UK Issuer: CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK Serial number: 6 Valid from: Fri Jun 07 10:32:08 GMT 2013 until: Sat Jun 07 10:32:08 GMT 2014 Certificate fingerprints: MD5: 19:D4:95:7D:DF:B0:C5:B7:EE:F2:B2:6B:E3:9F:F5:A9 SHA1: 9F:2D:E6:47:A7:A8:57:4B:D0:0D:E2:FE:CB:FA:CF:A7:48:55:F3:47 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false #2: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] ] #3: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] #4: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] ] Certificate[2]: Owner: CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK Issuer: CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK Serial number: dc00dde55cfcd0f9 Valid from: Thu Mar 28 13:19:55 GMT 2013 until: Wed Mar 28 13:19:55 GMT 2018 Certificate fingerprints: MD5: A3:56:C1:B6:2E:52:B4:27:37:6A:48:85:B8:E0:67:8F SHA1: A0:33:D5:5D:96:7E:06:FC:8F:FA:C5:9D:50:87:B2:14:E2:27:BA:AD Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] [CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK] SerialNumber: [ dc00dde5 5cfcd0f9] ] ******************************************* ******************************************* Alias name: imc Creation date: Jun 7, 2013 Entry type: PrivateKeyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=win2k-imc.aarons.net, O=Aarons Inc, ST=GB, C=UK Issuer: CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK Serial number: 6 Valid from: Fri Jun 07 10:32:08 GMT 2013 until: Sat Jun 07 10:32:08 GMT 2014 Certificate fingerprints: MD5: 19:D4:95:7D:DF:B0:C5:B7:EE:F2:B2:6B:E3:9F:F5:A9 SHA1: 9F:2D:E6:47:A7:A8:57:4B:D0:0D:E2:FE:CB:FA:CF:A7:48:55:F3:47 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false #2: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] ] #3: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] #4: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] ] Certificate[2]: Owner: CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK Issuer: CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK Serial number: dc00dde55cfcd0f9 Valid from: Thu Mar 28 13:19:55 GMT 2013 until: Wed Mar 28 13:19:55 GMT 2018 Certificate fingerprints: MD5: A3:56:C1:B6:2E:52:B4:27:37:6A:48:85:B8:E0:67:8F SHA1: A0:33:D5:5D:96:7E:06:FC:8F:FA:C5:9D:50:87:B2:14:E2:27:BA:AD Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 62 F9 C9 BB 17 2E 8F B6 B4 49 C2 07 4F BD A9 57 b........I..O..W 0010: C8 A1 0E 16 .... ] [CN=aarons.net, OU=Home, O=Aarons Inc, L=Cheltenham, ST=GB, C=UK] SerialNumber: [ dc00dde5 5cfcd0f9] ] ******************************************* ******************************************* C:\Program Files\iMC\client\security>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2013 06:51 PM
06-07-2013 06:51 PM
Re: Certificate in iMC
Sorry I don't have time to investigate this more closely, but you could check this post I made a while ago that covers setting up a custom certificate: http://www.netopscommunity.net/en_GB/forums/-/message_boards/view_message/48010#_19_message_48010
The logfile you need is somewhere under the client directory. - off the top of my head it's called imcforeground.log.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2013 07:50 AM
06-17-2013 07:50 AM
Re: Certificate in iMC
Hi LindsayHill
Thanks for the pointer. I finally tracked the issue down to my pfx package for transferring the server and CA trust chain certificates. It contained all the right certificates and keys, but the keytool import just didn't generate the trust chain. I finally built a working keystore using the process below. May be helpful for other folks, who knows?
•Generate a Java keystore and key pair
keytool -genkey -alias imc -keyalg RSA -keystore newks -keysize 2048 -storepass iMCV500R001
•Generate a certificate signing request (CSR) for the keystore
keytool -certreq -alias imc-server.papageno-home.net -keystore newks -file imc-server.papageno-home.net.csr -storepass iMCV500R001
•Sign CSR from OpenSSL
sudo openssl ca -in imc-server.papageno-home.net.csr -out imc-server.papageno-home.net.crt -days 365
•Keytool barfs on the full crt file, so strip out the certificate to just the lines begining and ending with "---BEGIN/END CERTIFICATE---" as imc-server.papageno-home.net.crt.modified
•Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias papageno-home.net -file ca.crt -keystore newks -storepass iMCV500R001
•Import a signed primary certificate to an existing Java keystore with alias "imc" ('cos IMC expects it so)
keytool -import -trustcacerts -alias imc -file imc-server.aarons.net.crt.modified -keystore newks -storepass iMCV500R001
•Set key password to same as store password
keytool.exe -keypasswd -alias imc -keypass keypassword -new iMCV500R001 -keystore newks -storepass iMCV500R001
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2013 12:08 PM
06-17-2013 12:08 PM
Re: Certificate in iMC
Good to hear you got it working - and thanks for posting back here to let us know how you did it. Might help someone else in future.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2014 05:28 AM
10-28-2014 05:28 AM
Re: Certificate in iMC
Hey,
I was looking for the same issue and did it. I wrote a blog about the solution I found with the latest iMC version. For those, who are still searching for the solution have a look at it.
http://www.flomain.de/2014/10/imc-webserver-certificate/
BR
Florian