SSL Certificate CommonName(xxx.xxx.xxx.xxx) Doesn't Match Peer

book

Article ID: 35399

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

Symptoms: 

The tunnel server hub does not appear in the list of hubs in the hub GUI in Infrastructure Manager (IM), and the following messages are observed in the hub log file:

<Please see attached file for image>

User-added image

Error - "SSL certificate commonName(10.11.12.13) doesn't match peer (10.155.0.3/FC-SERVER3)"

Environment:  

These symptoms apply to all hub versions of 5.60 and above.

Note: the error is dependent on the hub version and can therefore appear in virtually any version of Unified Infrastructure Management.

Cause: 

This issue occurs because the IP address specified as the server common name during creation of the tunnel certificate does not match the client's IP address.  As is the case with the IP 10.11.12.13 in the image above.

Resolution:

To correct this a new certificate must be generated and pushed to the tunnel client as follows:

1. Create a new certificate and specify the client's correct IP address as the common name.  The exact procedure for creating a certificate can be found in the hub probe documentation in the section titled "Setting up a Tunnel".

2. Copy the new certificate to the tunnel client.  This process is also outlined in the "Setting up a Tunnel" section.

3. Restart both the server and client hubs.

Environment

Release: CNMSPP99000-7.6-Unified Infrastructure Mgmt-Server Pack-- On Prem
Component:

Attachments

1558722258170000035399_sktwi1f5rjvs16weh.jpeg get_app