Smarts NCM / SA Suite SolutionPack: How to configure Third-Party Certificate Monitoring reports with NCM 9.4.0.2; Configuring 3rd-party Certificates for Monitoring reports with NCM
search cancel

Smarts NCM / SA Suite SolutionPack: How to configure Third-Party Certificate Monitoring reports with NCM 9.4.0.2; Configuring 3rd-party Certificates for Monitoring reports with NCM

book

Article ID: 331158

calendar_today

Updated On:

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution

What is the new procedure for configuring Third-Party Certificate Monitoring reports with Smarts NCM 9.4 Patch 2

Additional steps are required for Certificate Monitoring reports to work on the NCM server running version 9.4 Patch 2 software. These steps are required for accessing the WS API in NCM used by the Certificate Monitoring reports. Otherwise, the logs show certificate and communication errors and the Certificate Monitoring reports are empty.

Before you begin
Install version 9.4 patch 2 software on the NCM server. If you are not using a third-party certificate, follow the procedures in - Here

Procedure
1.
Log in to the NCM host and copy "$VOYENCE_HOME/conf/server.p12" to the EMC M&R destination machine where the WS API client is configured (for example, /opt).

    server.p12 will be generated when installing the third-party certificate using the
    SSL utility for NCM 9.4.0.2.


2. On the destination machine, type the following command as one line and press Enter:
     
     
$APG_HOME/Java/Sun-JRE/8.0u31/bin>keytool -changealias -keystore
     "/opt/server.p12" -alias 1 -destalias newalias -storetype pkcs12
    

3. Enter the keystore password.
     Use the same password given during certificate installation.

4. On the destination machine, type the following command as one line and press Enter.
     
      $JAVA_HOME/bin>keytool -importkeystore -srckeystore "/opt/server.p12" -destkeystore 
     "$APG_HOME/Java/Sun-JRE/8.0u31/lib/security/cacerts" -srcstoretype pkcs12

          
5. Enter the destination keystore password: changeit

6. Enter the source keystore password.
     Use the source keystore password given during certificate installation.

    These results should display:

    Entry for alias 1 successfully imported. Import command
    completed: 1 entries successfully imported, 0 entries failed
    or cancelled.


7. Go to the <EMC_M&R_install>/bin directory and run the following command  
     to restart all of the services:

      ./manage-modules service restart all

      The following exception message should no longer display in the collector logs  
     (APG/Collecting/Collector-Manager/emc-ncm/logs):

     javax.net.ssl.SSLHandshakeException:                                      
     sun.security.validator.ValidatorException: PKIX path building failed:       
      sun.security.provider.certpath.SunCertPathBuilderException:
     unable to find valid certification path to requested
     target at
     sun.security.ssl.Alerts.getSSLException(Alerts.java:192)