1 Ekim 2014 Çarşamba

Linux computer SSL error 

Error Message
The server certificate on the destination computer (server.domain.com:1270) has the following errors: 
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
The SSL certificate is signed by an unknown certificate authority.







Login to the linux server and run this command as root:



/opt/microsoft/scx/bin/tools/scxsslconfig -v -f



This will regenerate the certificate, at which point you can use the discovery wizard to re-sign it. Also take note of the Hostname/domain returned by this command.  If it is incorrect (such as FQDN in the hostname field, and domain name blank), you can attempt to fix that on the OS (hostname command /etc/hosts), or you can hardcode it with:



 /opt/microsoft/scx/bin/tools/scxsslconfig -v -f -h hostname -d domain.name







Resolutions

To verify that the SCX Agent on the remote system is running properly, try 
enumerating the SCX_Agent provider using the following command from the 
Operations Manager monitoring server:


winrm e 
http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx 
-r:https://.:1270 -u: 
-p: -auth:basic -encoding:utf-8


substituting . for the fully-qualified domain 
name of the host and / for some valid username 
and password combination on the remote system.




To verify the certificate on the remote system, log into the remote system 
and issue the following command:


openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer 
-dates


To check if the certificate has expired, ensure that the current date falls 
between the notBefore and notAfter dates, and ensure that the date and time on 
the target server matches that of the Operations Manager Server.


If the certificate common name does not match the hostname, you may change 
the name of your host system if necessary (check your operating system 
documentation for information on how to do that). Or, if the certificate is 
incorrect but your system's host hame is correct, regenerate the certificate by 
issuing the following commands from the 'root' account:













cd /etc/opt/Microsoft/scx/bin/tools 









. setup.sh 









scxsslconfig -f 









scxadmin -restart cimom 





After the above commands are issued, you'll need to re-sign the certificate 
via the Operations Manager Discovery Wizard. 




Finally, be certain that the target computer's Fully 
Qualified Domain Name can be resolved from the Operations Manager Server. 












Gönderen



zaman:





Hiç yorum yok:
  







































        

      









Kaydol:
Kayıtlar (Atom)