Cannot login to my controller

Hi pokintania,

Thanks for your query.

We hope that you have successfully executed all steps to install the SDN Controller.

Could you please let us know the below-

1. Version of the Controller
2. Controller logs
3. Command used to install keystone
4. Are you able to login using other account(e.g. rsdoc)

Thanks,

HP SDN Team

Experiencing the same issue 

here is the details 

1) SDN controller Version :hp-sdn-ctl_2.2.5.0016_amd64.deb

command used :sudo dpkg -i hp-sdn-ctl_2.2.5.0016_amd64.deb (as mentioned in the installation guide)

2)Keystone command :

sudo apt-get install openjdk-7-jre-headless postgresql
keystone keystone-doc python-keystone iptables unzip

3) could login to the rsdoc interface .

Unable to login to the SDN controller  using  default  Username ="sdn" password="skylake"

Please specify the steps to follow to login to the SDN controller Console GUI.

and also  how to create the username and password  in keystone authentication server .

Hi RASHMIBS,

As per your post you are not able to login using sdn as user and skylake as the password.

Please note that default password is skyline so try with skyline and let us know if you still face the issue.

Please make sure you executed all installation steps(including dependency installation) successfully

In case you still face the issue please provide controller logs and the steps/commands you executed in order to install controller.Also please share the environment details where you are installing the controller.

You can change the password by using steps mentioned in Installation Guide[page 9 onwards ]

Thanks,

HP SDN Team

Hello.

There is new behavior of installation VAN SDN 2.3 - no users are added by setup to keystone during installation (for version <2.3 this is done by install package automatically). You must add it manually (see "install guide 2.3" step 2.2.2 on page 8 (for example run script on page 16).

Martin Cerveny

I've the same problem
	>> I have just fresh install SDN controller. 
	>> It always said "Invalid user & password combination specified!" 
	>> when i try to login with sdn/skyline.

i'have installed keystone with 
	# apt-get install keystone
	Reading package lists... Done
	Building dependency tree       
	Reading state information... Done
	The following NEW packages will be installed:
	  keystone
	0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
	Need to get 0 B/25.2 kB of archives.
	After this operation, 160 kB of additional disk space will be used.
	Selecting previously unselected package keystone.
	(Reading database ... 59879 files and directories currently installed.)
	Unpacking keystone (from .../keystone_1%3a2013.2.3-0ubuntu1~cloud0_all.deb) ...
	Processing triggers for man-db ...
	Processing triggers for ureadahead ...
	Setting up keystone (1:2013.2.3-0ubuntu1~cloud0) ...
	keystone start/running, process 18349
so I've executed your script add_to_keystone.sh
and I've the current user-list
	# keystone --token ADMIN --endpoint http://localhost:35357/v2.0/ user-list
	+----------------------------------+------+---------+-------+
	|                id                | name | enabled | email |
	+----------------------------------+------+---------+-------+
	| 0eecd42191cc4ab8bc9fdfd5446e3eae | sdn  |   True  |       |
	+----------------------------------+------+---------+-------+
then I've setup hp-sdn-ctl
	# dpkg -i hp-sdn-ctl_2.3.5.6505_amd64.deb 
	Selecting previously unselected package hp-sdn-ctl.
	(Reading database ... 59902 files and directories currently installed.)
	Unpacking hp-sdn-ctl (from .../hp-sdn-ctl_2.3.5.6505_amd64.deb) ...
	Setup has detected a compatible jre-headless - 1.7.0_55
	Verifying keystone server...
	Creating system group 'sdn'...
	...done.
	Creating system user 'sdn'...
	...done.
	Creating system user 'sdnadmin'...
	...done.
	Found pg_hba.conf at /etc/postgresql/9.1/main/pg_hba.conf
	Configuring PostgreSQL database...
	 * Restarting PostgreSQL 9.1 database server                                                                        [ OK ] 
	...done.
	Setting up hp-sdn-ctl (2.3.5.6505) ...
	Certificate was added to keystore
	Finalize configuration for keystone...
	... done
	sdna start/running, process 18591
	sdnc start/running, process 18597
	Processing triggers for ureadahead ...
but when I login to https://localhost:8443/sdn/ui
I get "Invalid user & password combination specified!"
the result of 
	#tail -f /var/log/sdn/virgo/logs/log.log
	[2014-08-12 12:36:07.365] INFO  http-bio-8443-exec-1         com.sun.jersey.server.impl.application.WebApplicationImpl         Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM' 
	[2014-08-12 12:36:07.631] INFO  http-bio-8443-exec-9         com.sun.jersey.server.impl.application.WebApplicationImpl         Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM' 
	[2014-08-12 12:36:30.752] INFO  http-bio-8443-exec-2         com.sun.jersey.server.impl.application.WebApplicationImpl         Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM' 
	[2014-08-12 12:36:32.062] ERROR http-bio-8443-exec-2         hp.keystone                                                       Failed to authenticate sdn domain user sdn due to com.hp.api.auth.AuthenticationException: Validation error code 401 
I can connect to "https://localhost:8443/admin"with default user and password
and "https://localhost:8443/api/" get "200 : OK"

passing {"login":{"user":"sdn","password":"skyline"}}
to https://localhost:8443/api/#!/auth/
I get 200 Response Code and this Response Body
	{
	  "record": {
	    "token": "MIICagYJKoZIhvcNAQcCoIICWzCCAlcCAQExCTAHBgUrDgMCGjCCAUMGCSqGSIb3DQEHAaCCATQEggEweyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxNC0wOC0xMlQxMDo0Mjo1Mi4xMzA0NzEiLCAiZXhwaXJlcyI6ICIyMDE0LTA4LTEzVDEwOjQyOjUyWiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogInNkbiIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiMGVlY2Q0MjE5MWNjNGFiOGJjOWZkZmQ1NDQ2ZTNlYWUiLCAicm9sZXMiOiBbXSwgIm5hbWUiOiAic2RuIn0sICJtZXRhZGF0YSI6IHsiaXNfYWRtaW4iOiAwLCAicm9sZXMiOiBbXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCMnST-qTZN2qXTwBtg3GO38q-YZ1ClAb6n0dA6GfPInjDWdxKBwEemNqnLuM9FK3rIfGEblOsLcHui5ZX4SB7-db6wpfPpt7hnHF6ynvEfJQQAarLtbeGMzmvMOplsrIPqde6FOJRavQbajVZJM4nWvbzQ603ZcZwqTRfrdhlO6Q==",
	    "expiration": 1407926572000,
	    "expirationDate": "2014-08-13 12-42-52 +0200",
	    "userId": "0eecd42191cc4ab8bc9fdfd5446e3eae",
	    "userName": "sdn",
	    "domainId": "",
	    "domainName": ""
	  }
	}
but if I specify "domain":"sdn" in login value
	{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}	
I get Response Code 401 and Response Body
{
  "error": "com.hp.api.auth.AuthenticationException",
  "message": "Authentication required"
}

 can I have help ???

Hi cedLevoni

1. Did you remember to do the apt-get update before installing keystone ?

2. From th HP VAN SDN INstallation guide 2.3 on page 9

Edit the /etc/keystone/keystone.conf file with the following line to set UUID as the

provider type, you will need to add this in the [token] section:

provider=keystone.token.providers.uuid.Provider

Then restart the keystone service.

HTH

Gerhard

I am seeing the same behavior from a fresh install this morning. Just tried your suggestions and it is still a no go.

HI cedLevoni and dysanf

1.Which version of keystone are you using ( Icehouse / Havanna / Grizzly … )
2.Can you please collect the output of the following command “keystone –version” from the controller
3.Can you please collect the output of the following command “uname -a” from the controller
4.Can you please collect the output of the following command “lsb_release -a” from the controller

5.Keystone user mapping
Lets run through this on the controller Please collect the output . I will include a sample inline. Please be aware some of the commands might line wrap but they are all in a single line. SOme of the tables in my example wrapped but sorry not much I can do about that.

List tenants
Command:
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 tenant-list
Output:
+----------------------------------+------+---------+
|                id                | name | enabled |
+----------------------------------+------+---------+
| f7209570ff8a49708b1995492cbfab28 | sdn  |   True  |
+----------------------------------+------+---------+

List Users
Command:
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 user-list
Output:
+----------------------------------+------+---------+-------+
|                id                | name | enabled | email |
+----------------------------------+------+---------+-------+
| 3d93720e361847acac98150661e2c655 | sdn  |   True  |       |
+----------------------------------+------+---------+-------+

List Roles
Command:
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 role-list
Output:
+----------------------------------+-----------+
|                id                |    name   |
+----------------------------------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab |  _member_ |
| c10f9e5469574da0a90326b8cf660185 | sdn-admin |
| 008893e266cc4dfd80e613721d8363c3 |  sdn-user |
+----------------------------------+-----------+

Get the user to role mappings for the given tenant
This is where it gets tricky we need to find which user has been mapped to which role for the sdn tenant
In the following command the value after tenant is the id for the sdn tenant from the earlier commands, and the value for user is id for the sdn user
Command :
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 user-role-list --tenant <SDNTENANTIDHERE>  --user <SDNUSERIDHERE>
Example
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 user-role-list --tenant f7209570ff8a49708b1995492cbfab28  --user 3d93720e361847acac98150661e2c655

+----------------------------------+-----------+----------------------------------+----------------------------------+
|                id                |    name   |             user_id              |            tenant_id             |
+----------------------------------+-----------+----------------------------------+----------------------------------+
| c10f9e5469574da0a90326b8cf660185 | sdn-admin | 3d93720e361847acac98150661e2c655 | f7209570ff8a49708b1995492cbfab28 |
| 008893e266cc4dfd80e613721d8363c3 |  sdn-user | 3d93720e361847acac98150661e2c655 | f7209570ff8a49708b1995492cbfab28 |
+----------------------------------+-----------+----------------------------------+----------------------------------+

6. Can you please attempt the following curl for me please from the command liune for the HP van SDN Controller and collect the output please without the domain.

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline"}}' https://127.0.0.1:8443/sdn/v2.0/auth

7. Can you please attempt the following curl for me please from the command liune for the HP van SDN Controller and collect the output please with the domain.

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}' https://127.0.0.1:8443/sdn/v2.0/auth

Thanks in advance
Gerhard Roets
HP SDN Team

I am still facing the issue. This is what I tried:

#sudo apt-get purge keystone
#sudo rm -Rf /var/lib/keystone/
#sudo apt-get update
#sudo apt-get install keystone
#sudo ./add_to_keystone.sh
#sudo vi /etc/keystone/keystone.conf
....
provider=keystone.token.providers.uuid.Provider
....
#sudo service keystone restart
#sudo service sdna restart
#sudo service sdnc restart

I am getting authentication error when I am using the following curl:

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline"}}' https://127.0.0.1:8443/sdn/v2.0/auth
{"error":"com.hp.api.auth.AuthenticationException","message":"Authentication required"}

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}' https://127.0.0.1:8443/sdn/v2.0/auth
{"error":"com.hp.api.auth.AuthenticationException","message":"Authentication required"}

The add_to_keystone.sh I used is attached.

Hi Abhik

would you mind posting the output of the following command please ?

curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/tenants" | python -mjson.tool

curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/users" | python -mjson.tool

curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/OS-KSADM/roles" | python -mjson.tool

Note each curl command is one line.

Sample from my system

gpr@lyncsdn:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/tenants"  | python -mjson.tool
{
    "tenants": [
        {
            "description": "",
            "enabled": true,
            "id": "e13fd642ee754377be0d18e6969dc68d",
            "name": "sdn"
        }
    ],
    "tenants_links": []
}
gpr@lyncsdn:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/users"  | python -mjson.tool
{
    "users": [
        {
            "enabled": true,
            "id": "a191b03bdc784855a1e7cdb64d959bf1",
            "name": "sdn",
            "username": "sdn"
        }
    ]
}
gpr@lyncsdn:~$
gpr@lyncsdn:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/OS-KSADM/roles"  | python -mjson.tool

{
    "roles": [
        {
            "description": "Default role for project membership",
            "enabled": "True",
            "id": "9fe2ff9ee4384b1894a90878d3e92bab",
            "name": "_member_"
        },
        {
            "id": "f9f75b4662b1421eb894476ad1442300",
            "name": "sdn-admin"
        },
        {
            "id": "c2f061d1740d44b8beabb1df7180ae90",
            "name": "sdn-user"
        }
    ]
}

Even if you get errors please post the output here.

Kind Regards

Gerhard

Hi Gerhard,

Thanks for your reply.

I tried the curl commands, but I am getting the error "couldn't connect to host". 

cnlabs@cnlabs-VirtualBox:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/tenants" | python -mjson.tool
curl: (7) couldn't connect to host
No JSON object could be decoded
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/users" | python -mjson.tool
curl: (7) couldn't connect to host
No JSON object could be decoded
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/OS-KSADM/roles" | python -mjson.tool
curl: (7) couldn't connect to host
No JSON object could be decoded
cnlabs@cnlabs-VirtualBox:~$

Thanks

Abhik

Hi Abhik

That is odd.

Can you get the following output

service keystone status

netstat -na | grep 35357

lsb_realease -a

dpkg -l keystone

Do you have any firewalls running like iptables ?

Kind Regards

Gerhard

HP SDN Team

Hi Gerhard,

cnlabs@cnlabs-VirtualBox:~$ service keystone status
keystone start/running, process 2699
cnlabs@cnlabs-VirtualBox:~$ netstat -na | grep 35357
cnlabs@cnlabs-VirtualBox:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.4 LTS
Release: 12.04
Codename: precise
cnlabs@cnlabs-VirtualBox:~$ dpkg -l keystone
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii keystone 2012.2.4-0ubun OpenStack identity service - Daemons
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 127.0.0.0/8 anywhere tcp dpt:9160
REJECT tcp -- anywhere anywhere tcp dpt:9160 rejec t-with icmp-port-unreachable
ACCEPT tcp -- 127.0.0.0/8 anywhere tcp dpt:7199
REJECT tcp -- anywhere anywhere tcp dpt:7199 rejec t-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cnlabs@cnlabs-VirtualBox:~$

Does the patch 65 of java 7 still has the issue in handling SSL connections?

cnlabs@cnlabs-VirtualBox:~$ java -version
java version "1.7.0_65"
OpenJDK Runtime Environment (IcedTea 2.5.1) (7u65-2.5.1-4ubuntu1~0.12.04.2)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
cnlabs@cnlabs-VirtualBox:~$

Thanks

Abhik

Hi Abhik

It looks to me as if keystone is not listening on the default port, I would suggest you look in /etc/keystone/keystone.conf, and see if the admin_port value has been changed.

Kind Regards

Gerhard

Yes Gerhard, you were right. It is now working. Thanks :)

Hi,

I have now tried everything in this post without success. I still get "Invalid user & password combination specified!" everytime i try to login with "sdn" and "skyline"

Any suggestions on what i can try?

Hello Skaarup,

Apologies for the delay.

Please provide below details-

1.Controller version ?

2.did you upgrade the controller or install afresh?

3.version of keystone?

4.command used to install keystone?

5.Are you able to login using other user?

6.Are you able to see REST API page?

Thanks,

HP SDN Team

Hi,

When I tried to create a user on keystone using command,

$keystone user-create --name sdn.

Im getting the below error,

Warning: Bypassing the authendication,

and Service Unavailable (503).

Can you please let me know, also,

What are the proxy settings I need to take care for keysone configuration while adding an user (mainly in the script add_to_keystone.sh) and ALSO In keystone.conf file

regards,

Satish

Hi Gerhard / SDN Team,

Thank you,, for your support.

Now my keystone is working much fine, I did the proxy setting then I can able to add user, role and tenant to it.

But when I run/install the controller the default port is not coming up. ie 8443 is not listing,

when I did netstat I can see the 35357 port is up and listening, but not the 8443.

So I am not able to open the UI page from my firefoz .. https:/127.0.0.1:8443/... ( all the option, like api, auth ,, model etc)

I even tried with proxy setting to noproxy in browers but no gain.

Can you please advice me what is happening or what went wrong.

I can see the sdnc and sdna are up and runnig,

In log i can see one thing..  

Bundle org.eclipse.virgo.medic.core_3.6.2 RELEASE service 38 as service event UNREGISTERING.

When I scrolled a bit above I can see an error saying Ilogservicelistner.

attached is the error log.

Thanks for all,,

Regards,

Satish K

Hi Satish

If you can post the following output it would be much appreciated

I would like the the following file. If you can zip and attach it it would be much appreciated /var/log/sdn/virgo/logs/log.log 

If you can post the following output

lsb_release -a

update-java-alternatives -l

 dpkg -l hp-sdn-ctl

Example output from the commands

root@sdn1:/var/log/sdn/virgo/logs# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise

root@sdn1:/var/log/sdn/virgo/logs# update-java-alternatives -l
java-1.7.0-openjdk-amd64 1051 /usr/lib/jvm/java-1.7.0-openjdk-amd64

root@sdn1:/var/log/sdn/virgo/logs# dpkg -l hp-sdn-ctl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  hp-sdn-ctl     2.3.5.6505     HP VAN SDN Controller

Kind Regards

Gerhard

Hi Gerhard,

Good day,

Please find below the o/p of commands you have asked, ( looks like all the below command works fine),

Basically I feel It was due to proxy I was not able to create users, tenants,. Now with proxy off I can create.

satish@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise

satish@ubuntu:~$ update-java-alternatives -l
java-1.6.0-openjdk-amd64 1061 /usr/lib/jvm/java-1.6.0-openjdk-amd64
java-1.7.0-openjdk-amd64 1051 /usr/lib/jvm/java-1.7.0-openjdk-amd64

satish@ubuntu:~$ dpkg -l hp-sdn-ctl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii hp-sdn-ctl 2.3.5.6505 HP VAN SDN Controller

I feel the issue is with Truststore, please see the attached img. I ran the below command,

satish@ubuntu:~$ keytool -importcert -trustcacerts -keystore keystore -file root.cer -alias CARoot
satish@ubuntu:~$ keytool -importcert -trustcacerts -keystore truststore -file root.cer -alias CARoot

When I ran the below command,

satish@ubuntu:~$ keytool -genkey -alias keystone -keyalg rsa -keysize 2048 -keystore keystore-name

I can see the keystore generating in /opt/sdn/admin, but not able to see the "truststore".

Also can you please eloberate what does this mean (Page 44, Controller_Admin_guide)

(Send the sdn-server.csr to a CA to be signed. The CA will authenticate you and return a signed certificate and its CA certificate chain. We assume the signed certificate from the CA is named signed.cer and the CA's certificate is root.cer. If root.cer is from your own internal CA, then you need to import root.cer into your browser as an authority.)

Thanks I advance,

Regards,

Satish K

Hi Satish

I do not know if you have done much with your controller yet. I would suggest that lets work with the following objectives

1. Get the controller to work with a self signed certificate so you can access the gui.

2. If we need to install a certificate we need to install this as the second step after we have succeeded with 1.

So lets see what version of Java your controller is trying to use. Since you have two versions of java installed

Login on the controller

Become root ( sudo -i )

Become the sdn use ( su - sdn )

Enter the following command

java -version

(Sample without initial login)

gpr@lyncsdn:~$
gpr@lyncsdn:~$ sudo -i
root@lyncsdn:~# su - sdn
sdn@lyncsdn:~$ java -version
java version "1.7.0_55"
OpenJDK Runtime Environment (IcedTea 2.4.7) (7u55-2.4.7-1ubuntu1~0.12.04.2)
OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)

-----

You need to ensure this is Java 1.7 and not 1.6 if this is 1.6 I would suggest you simply uninstall the Java 1.6 environment. If you can inform me if it was using 1.6 it would be great.

----

Now since you worked with certificates I would suggest your remove you purge your sdn controller software and start with a fresh install.

The command to purge the software - dpkg -p hp-sdnc-ctl

This should not effect your keystone users if you are using version 2.3.5

----

Now you can reinstall the controller

dpkg -i filename.deb

dpkg -l hp-sdn-ctl

This would be a good point to see if you can connect to the web gui and to the rest UI.

Once this is doen we can do the next steps. I will detail the certification process in a follow on post.

Kind Regards

Gerhard

HP SDN Team