DX NetOps Mediation Manager (DX NetOps MM) installation completed successfully.

However the DX NetOps MM web UI does not display any Controllers:

 

 

When try to start the services with "startall" it fails with "SEVERE: Failed to start component”:

 

• /opt/CA/CAMM/MC/logs/*
• /opt/CA/CAMM/LC/logs/*
• /opt/CA/CAMM/DS/logs/*

Collected GenericController/GE logs from /opt/CA/CAMM/GE_*/logs/*log directory.  They show these messages:

Nov 15, 2024 12:03:51 PM com.torokina.tim.communication.protocol.security.TimSecureSslContextFactory getKeyStoreDetails
WARNING: KeyStore config file does not exists at::/opt/CA/CAMM/GE_root/Keystore_Details.xml
Nov 15, 2024 12:03:51 PM com.torokina.tim.communication.protocol.security.TimSecureSslContextFactory
INFO: Initializing SSLContext with default context
Nov 15, 2024 12:03:51 PM com.torokina.tim.runner.daemon.TimAppDaemon startApp
SEVERE: No content data
Nov 15, 2024 12:03:52 PM com.torokina.tim.runner.daemon.TimAppDaemon$TimAppDaemonHandler exceptionCaught
SEVERE: Execption occurs on daemon handler
javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate

All supported DX NetOps Mediation Manager releases on Red Hat release 9.x

This is due to an SSL issue with the keystore from the java code. By default DX NetOps MM components communicate over SSL, and this cannot be disabled.

The current certs provided in the keystore use a weak signature algorithm. 

The most current OS's, like the Red Hat 9.x release in use here, no longer support weak signature algorithms.

Engineering provided the following workaround. It has us configure a stronger signature algorithm for the self-signed certificates generated in the keystore file for DX NetOps MM components  and their communication over SSL.

Points #1 and #2 will help to generate a keystore with a self-signed certificate.

Point #3 will help to configure the same to communicate DX NetOps MM components over SSL. 

1. Locate the keytool utility available in the (default path) $JAVA_HOME/bin/keytool directory
   • The JAVA_HOME path can be found in config file at /opt/CA/CAMM/tools/camm.env
2. Generate a keystore file (keystore.jks) with a self-signed certificate with the following command. This command can be run from any DX NetOps MM host.
   
   • $JAVA_HOME/bin/ keytool -genkey -alias CAMM host fqdn -keyalg RSA -keypass your_password -storepass your_password -keystore keystore.jks -storetype JKS -validity 3650 -dname "CN= CAMM host fqdn, OU=nnn, O=xxxx, L=yyy, S=zzzzzzzzz, C=nn"
   • In the above command, replace these parameters with the appropriate ones for your environment:
     • CAMM host fqdn with your CAMM host FQDN.
     • your_password with the desired password.
     • OU=nnn, O=xxxx, L=yyy, S=zzzzzzzzz, C=nn
3. Once the above command generates the keystore.jks file, place it at secured directory in DX NetOps MM host.

Follow the steps in page Enable HTTPS for Non-SNMP Monitoring

Note: If you are running multiple LC's and MC's then the above steps has to be followed for all CAMM hosts.