1 Ekim 2014 Çarşamba

Linux computer SSL error

Error Message
The server certificate on the destination computer (server.domain.com:1270) has the following errors: 
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
The SSL certificate is signed by an unknown certificate authority.

Login to the linux server and run this command as root:
/opt/microsoft/scx/bin/tools/scxsslconfig -v -f
This will regenerate the certificate, at which point you can use the discovery wizard to re-sign it. Also take note of the Hostname/domain returned by this command.  If it is incorrect (such as FQDN in the hostname field, and domain name blank), you can attempt to fix that on the OS (hostname command /etc/hosts), or you can hardcode it with:
 /opt/microsoft/scx/bin/tools/scxsslconfig -v -f -h hostname -d domain.name


To verify that the SCX Agent on the remote system is running properly, try enumerating the SCX_Agent provider using the following command from the Operations Manager monitoring server:
winrm e http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -r:https://.:1270 -u: -p: -auth:basic -encoding:utf-8
substituting . for the fully-qualified domain name of the host and / for some valid username and password combination on the remote system.
To verify the certificate on the remote system, log into the remote system and issue the following command:
openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates
To check if the certificate has expired, ensure that the current date falls between the notBefore and notAfter dates, and ensure that the date and time on the target server matches that of the Operations Manager Server.
If the certificate common name does not match the hostname, you may change the name of your host system if necessary (check your operating system documentation for information on how to do that). Or, if the certificate is incorrect but your system's host hame is correct, regenerate the certificate by issuing the following commands from the 'root' account:
cd /etc/opt/Microsoft/scx/bin/tools
. setup.sh
scxsslconfig -f
scxadmin -restart cimom
After the above commands are issued, you'll need to re-sign the certificate via the Operations Manager Discovery Wizard.
Finally, be certain that the target computer's Fully Qualified Domain Name can be resolved from the Operations Manager Server.

Hiç yorum yok: