Smarts NCM or Voyence Control: SSL Errors received when launching Report Advisor after fresh install of NCM
search cancel

Smarts NCM or Voyence Control: SSL Errors received when launching Report Advisor after fresh install of NCM

book

Article ID: 330921

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:




The following conditions, events or system behaviors may be observed with this issue:

  • Smarts NCM Report Advisor fails to launch in a client browser after a fresh installation of Smarts NCM
  • Hostname-related SSL error appears in the catalina.out file.


Environment

VMware Smart Assurance - NCM

Cause

This issue can occur for the following reasons:
  • The SSL Certificate CN field is set to a short hostname or Fully Qualified Domain Name (FQDN) that does not match the one used during the installation of the Report Advisor server.
  • The SSL Certificate from the Application Server was never installed on the Report Advisor server.

Resolution

If you encounter this issue, do the following:

1. Log into the Smarts NCM Application Server (AS) as  root  user.
2. Run the following command to set NCM related session variables:

     . /etc/voyence.conf

3. Navigate to the $VOYENCE_HOME/bin/ path and run the following command:

    perl makekeystore.pl

4. Make sure that voyence-ssl.keystore has the FQDN name as CN field displayed by running the following commands (Note: The keystore password must be supplied to run this command successfully; default is  change management ):

    . /etc/jboss.conf
    keytool -list -v -keystore $JBOSS_HOME/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore

5. Verify that the keystore file permissions and ownership are set to  -rw-r----- jboss voyence . If modifications are needed, run the following commands:

    chown jboss:voyence $JBOSS_HOME/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore
    chmod 640 $JBOSS_HOME/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore

6. Restart jboss services by running the following command:

    service jboss restart

7. Repopulate and export all session variables by running the following command:

    . /etc/voyence.conf

8. Export the regenerated selfsigned certificate from the voyence-ssl.keystore to a file (ex.  selfsigned ) by running the following command:

    $JAVA_HOME/bin/keytool -export -keystore $VOYENCE_HOME/jboss/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore -alias selfsigned -file cacerts

9. Log in to the RA server as  root .
10. Run the following commands to set required shell session variables:

    . /etc/voyence.conf
    . $TOMCAT_HOME/.bash_profile

11. Copy the newly exported selfsigned SSL certificate file ( selfsigned ) from the AS server to the RA server.
12. Import the selfsigned certificate into to the RA serever keystore by running the following command:

    $JAVA_HOME/jre/lib/security $JAVA_HOME/bin/keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -import -file cacerts -alias selfsigned

13. Restart RA services by running the following command:

    /etc/init.d/tomcat restart