How to change the hostname of SSIM without losing the connection to LDAP server due to certificate issue?
Article ID: 177258

Products

Security Information Manager

Issue/Introduction

You want to change the hostname of SSIM from the web management interface. After making the change and rebooting, both the web management interface and the client console are no longer available for login. The error shown is "LDAP server is unavailable".

Symptoms
The error "LDAP server is unavailable" is shown on both the web management interface and the SSIM client console when attempting to log in. Running the "status" command in an SSH session shows that the LDAP service is down.


Cause

This is a certificate-related problem: the new certificate does not take effect when the hostname is changed.

Resolution

The workaround is to create a new certificate using the IP address, not the hostname, before the hostname change takes place.

Follow the steps below when changing the hostname and creating the certificate before the appliance reboots:
    1. Generate a new certificate using the IP address, not the hostname.
    2. The appliance will reboot itself and use the new certificate from now on. Check the new certificate to ensure that the common name is now the IP address.
    3. Change the hostname from either the web management interface or an SSH session using the simuser account.
    4. After the reboot, check whether the console and client are inaccessible with the error "LDAP server is unavailable". If they are not accessible, follow the next step.
    5. After the reboot, SSH into the console, then run "sesa-setup" again with the new hostname. (sesa-setup –ldap-ip new_hostname –ldap-port 636 –ldap-user administrator –ldap-domain Symantec.ses –db-user symcmgmt –reg-external)
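
The check in step 2 (the certificate's common name should now be the IP address) can be scripted with openssl. This is an added example, not part of the original article: it assumes openssl is available on the machine running the check, the function names are hypothetical, and 192.0.2.10 is a constructed sample address.

```shell
# Added example: confirm which name a certificate carries as its common name (CN).

# Print the subject CN of a PEM certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 -subject |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Succeed if the argument looks like a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Compare the certificate CN with the expected value and say what kind of name it is.
# Returns 0 on match, 1 on mismatch, 2 if no CN could be read.
check_cert_cn() {  # usage: check_cert_cn <pemfile> <expected-cn>
    cn=$(cert_cn "$1")
    [ -n "$cn" ] || { echo "ERROR: no CN found in $1"; return 2; }
    if is_ipv4 "$cn"; then kind="IP address"; else kind="hostname"; fi
    if [ "$cn" = "$2" ]; then
        echo "OK: CN=$cn ($kind)"; return 0
    fi
    echo "MISMATCH: CN=$cn ($kind), expected $2"; return 1
}

# Save the certificate served on the LDAPS port (636 in this article) as PEM.
fetch_ldaps_cert() {  # usage: fetch_ldaps_cert <address> <port> <outfile>
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Constructed sample input: a throwaway self-signed certificate with the given CN.
make_sample_cert() {  # usage: make_sample_cert <cn> <outfile>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Demo on a constructed certificate (no network access needed).
demo_dir=$(mktemp -d)
make_sample_cert 192.0.2.10 "$demo_dir/sample.pem"
check_cert_cn "$demo_dir/sample.pem" 192.0.2.10
rm -rf "$demo_dir"
```

Against the appliance itself, save the served certificate with `fetch_ldaps_cert <appliance-ip> 636 ldaps.pem` and then run `check_cert_cn ldaps.pem <appliance-ip>`.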
If you have already changed the hostname and rebooted:
    1. Using DRAC or an SSH session, log in to the appliance as simuser. If you have already logged in as db2admin, type the following:

      $ su - simuser
    2. You will then see the following menu:

      ***************************************
        YOU CAN DO THE FOLLOWING IN THIS SHELL:
        ****************************************

        1) View Network Configuration
        2) Modify Network Configuration
        3) Modify Speed and Duplex mode for Network Interface
        4) Change Unix Password for simuser account
        5) Verify Network Connectivity
        6) Change Time/Locale Information
        7) Generate Self-Signed Certificate
        8) Display SSIM Version
        9) Logout

        Selection:
      Select option 7 and create a new certificate.