After renewing self-signed certificate, communication between Application Server and Device Servers is not restored and jobs will not run
search cancel

After renewing self-signed certificate, communication between Application Server and Device Servers is not restored and jobs will not run

book

Article ID: 331080

calendar_today

Updated On: 01-14-2025

Products

VMware Smart Assurance

Issue/Introduction

Smarts NCM jobs such as config pulls are not running but instead remain listed as Queued for Execution.

Error seen in Smarts NCM syssyncm.log:

Connection Error: SSL certificate check failed: Certificate verification fail - self signed certificate in certificate chain the certificate chain could be built up using the untrusted certificates but the root could not be found locally.



Environment

NCM 10.x

Cause

The new hash key may not have been generated on the Smarts NCM Application server and/or the Device server(s).

Resolution

  • To address this issue, run the Smarts NCM cert_hash.pl script aganist the new voyenceca.crt file to generate the new hash key. This can be done as follows:

    • On the Smarts NCM Application server, change directory to the following:
    $VOYENCE_HOME/conf/CA
    • If running Linux, run the following command to see the directory contents and their details:
    ls -lrt
    • Check the modification time on the new voyenceca.crt file and the hash key file (file with .0 extension).

    • If the hash key file is older than the new voyenceca.crt file, then you need to generate a new hash key file. This is done using the cert_hash.pl perl script in the same directory by running the following command:
    perl cert_hash.pl voyenceca.crt
    • Run 
      ls -lrt
       again and you should see the new hash key generated with the new date.

    • Repeat the preceding steps on each of the Smarts NCM Device Servers in the environment.
      • Services do not need to be restarted. Smarts NCM will immediately start using the new hash key.

    • Start a new Smarts NCM job such as a config pull job and it should now complete successfully.