Use own CA for OMSA SSL cert?
robert.c.jacobson at nasa.gov
Thu Jul 7 09:37:19 CDT 2011
I'm trying to use my own SSL cert signed by an internal CA for OMSA
6.3.0 on RHEL4, on a PowerEdge 2950.

With OMSA 5.1 I was never able to use the GUI to do it -- the import on
my cert always failed with error "ERROR! Import of server.crt failed.
Try again.". This was even after importing my CA's cert. I suspect
this is a chain issue, but I have no idea how to fix it.

However, I was able to work around it by using "keytool" on the command
- delete existing "omsa" cert
- generate a new key and CSR
- import my CA cert with alias "root"
- import my CA-signed cert with alias "omsa"

However, I can't do this with OMSA 6.3.0 because the keystore password
seems to have changed (i.e. it is no longer "password").

I tried making my own keystore.db (replaced the existing one), but if I
do that, the OMSA web service (dsm_om_connsvc) does not function; i.e.
the web page never opens.

I also tried adding my CA cert to the java cacerts store manually with:

changeit -import -file ca.crt -alias myca

But the web interface still won't accept my cert (even after restarting

Anyone know what the new password for the keystore is? Or, how do I get
the OMSA server to trust my CA or cert (or both)?

Robert Jacobson Robert.C.Jacobson at nasa.gov
Lead System Admin Solar Dynamics Observatory (SDO)
Bldg 14, E222 (301) 286-1591
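
Added example (not part of the original post, and not Dell or OMSA code): a pre-import check for the chain problem suspected above, using openssl instead of keytool. It confirms that server.crt verifies against ca.crt and was issued for the key behind the CSR; the file name server.csr, the argument order and the throwaway demo CA are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-import checks for a CA-signed certificate (added example).
# Usage (assumed argument order): precheck.sh ca.crt server.csr server.crt

# check_chain CA_CERT SERVER_CERT: succeeds if SERVER_CERT verifies against CA_CERT.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# pubkey_digest KIND FILE: SHA-256 of the public key in a cert (x509) or CSR (req).
# Fails instead of hashing empty input when the file cannot be parsed.
pubkey_digest() {
    key=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1
    printf '%s\n' "$key" | openssl sha256
}

# check_key_match CSR SERVER_CERT: succeeds if the cert carries the CSR's public key.
# A mismatch means the CA signed a different request than the one the keystore holds.
check_key_match() {
    a=$(pubkey_digest req "$1") || return 1
    b=$(pubkey_digest x509 "$2") || return 1
    [ "$a" = "$b" ]
}

# make_demo DIR: constructed test material (throwaway CA, CSR, signed cert,
# plus an unrelated self-signed cert used as the negative case).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=omsa.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
}

# Run both checks when called with three file arguments.
if [ "$#" -eq 3 ]; then
    check_chain "$1" "$3" || echo "FAIL: $3 does not chain to $1"
    check_key_match "$2" "$3" || echo "FAIL: $3 was not issued for the key in $2"
fi
```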