Use own CA for OMSA SSL cert?

Robert Jacobson robert.c.jacobson at nasa.gov
Thu Jul 7 09:37:19 CDT 2011


Hi,

I'm trying to use my own SSL cert signed by an internal CA for OMSA
6.3.0 on RHEL4, on a PowerEdge 2950.

With OMSA 5.1 I was never able to use the GUI to do it -- the import on
my cert always failed with error "ERROR! Import of server.crt failed.
Try again.".  This was even after importing my CA's cert.  I suspect
this is a chain issue, but I have no idea how to fix it.

However, I was able to work around it by using "keytool" on the command
line to:
   - delete existing "omsa" cert
   - generate a new key and CSR
   - import my CA cert with alias "root"
   - import my CA-signed cert with alias "omsa"

However, I can't do this with OMSA 6.3.0 because the keystore password
seems to have changed (i.e. it is no longer "password").

I tried making my own keystore.db (replaced the existing one), but if I
do that, the OMSA web service (dsm_om_connsvc) does not function; i.e.
the web page never opens.

I also tried adding my CA cert to the java cacerts store manually with:

   keytool -keystore /opt/dell/srvadmin/lib/openmanage/jre/lib/security/cacerts \
       -storepass changeit -import -file ca.crt -alias myca

But the web interface still won't accept my cert (even after restarting
the service).

Anyone know what the new password for the keystore is?  Or, how do I get
the OMSA server to trust my CA or cert (or both)?

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Robert Jacobson               Robert.C.Jacobson at nasa.gov
Lead System Admin       Solar Dynamics Observatory (SDO)
Bldg 14, E222                             (301) 286-1591 
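
The keytool sequence listed in the message (new key and CSR, CA cert imported as "root", signed cert imported as "omsa"), as an added example that is not part of the original post and is not Dell's procedure. It assumes keytool and openssl are on PATH, works only on a scratch keystore with a constructed test CA, hostname and password, and shows that keytool refuses the signed cert until the issuing CA is already in the keystore.

```shell
#!/bin/sh
# Added example: operates on a scratch keystore in a temp dir, never on OMSA's keystore.db.
# The CA, hostname and password below are constructed for the demo.
demo_chain_import() (
    command -v keytool >/dev/null && command -v openssl >/dev/null || exit 127
    export LC_ALL=C                      # keep keytool messages in English for the grep below
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    cd "$d" || exit 1
    pw=scratch-pass                      # constructed; not the OMSA keystore password
    ks() { keytool "$@" -keystore ks.jks -storepass "$pw"; }

    # Stand-in for the internal CA (constructed, self-signed).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Constructed Test CA" -days 30 2>/dev/null || exit 2

    # Generate a new key and a CSR under alias "omsa".
    ks -genkeypair -alias omsa -keyalg RSA -keysize 2048 -keypass "$pw" \
        -dname "CN=omsa.example.test" -validity 30 || exit 2
    ks -certreq -alias omsa -file omsa.csr || exit 2

    # The CA signs the CSR; confirm the result chains to ca.crt before importing.
    openssl x509 -req -in omsa.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out server.crt -days 30 2>/dev/null || exit 2
    openssl verify -CAfile ca.crt server.crt >/dev/null || exit 3

    # Importing the signed cert before the CA is in the keystore must fail:
    # keytool cannot build a chain from the reply to a trusted entry.
    if ks -importcert -noprompt -alias omsa -file server.crt >/dev/null 2>&1; then exit 4; fi

    # Working order: CA cert as "root" first, then the signed cert as "omsa".
    ks -importcert -noprompt -alias root -file ca.crt || exit 5
    ks -importcert -noprompt -alias omsa -file server.crt || exit 5

    # The key entry should now carry a two-certificate chain (leaf + CA).
    ks -list -v -alias omsa | grep -q "Certificate chain length: 2" || exit 6
)
demo_chain_import; echo "demo_chain_import exit status: $?"
```

Exit status 0 means the chain was installed; 3 means the signed cert does not verify against the CA file, and 127 means keytool or openssl is missing.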


