search cancel

SSL Certificate CommonName(xxx.xxx.xxx.xxx) Doesn't Match Peer

book

Article ID: 35399

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The tunnel server hub does not appear in the list of hubs in the hub GUI in Infrastructure Manager (IM), and the following messages are observed in the hub log file:

Error - "SSL certificate commonName(10.11.12.13) doesn't match peer (10.155.0.3/FC-SERVER3)"

Environment

Release: CNMSPP99000-7.6-Unified Infrastructure Mgmt-Server Pack-- On Prem

These symptoms apply to all hub versions of 5.60 and above.

Note: the error is dependent on the hub version and can therefore appear in virtually any version of Unified Infrastructure Management.

Cause

This issue occurs because the IP address specified as the server common name during creation of the tunnel certificate does not match the client's IP address.  As is the case with the IP 10.11.12.13 in the image above.

Resolution

To correct this a new certificate must be generated and pushed to the tunnel client as follows:

  1. Create a new certificate and specify the client's correct IP address as the common name.  The exact procedure for creating a certificate can be found in the hub probe documentation in the section titled "Setting up a Tunnel".
  2. Copy the new certificate to the tunnel client.  This process is also outlined in the "Setting up a Tunnel" section.
  3. Restart both the server and client hubs.

Additional Information


How to create Tunnels between two hubs and Verify the communication using Queues

https://knowledge.broadcom.com/external/article?articleId=12105

Hub IM Configuration
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/hub/hub-im-configuration.html

Attachments

1558722258170000035399_sktwi1f5rjvs16weh.jpeg get_app