Use own CA for OMSA SSL cert?

Chandrasekhar_R at Dell.com Chandrasekhar_R at Dell.com
Fri Jul 8 00:52:39 CDT 2011


Hi Robert,

The keystore password is generated dynamically. If we try to tamper that file then connection service (Web service) will not come up from OMSA6.3 onwards. Can you please try to import certificate through OMSA GUI where you have installed OMSA 6.3 or later?

Thanks,
Chandrasekhar R
Dell | OpenManage
office +91 80 41178649



Message: 2
Date: Thu, 7 Jul 2011 10:37:19 -0400
From: Robert Jacobson <robert.c.jacobson at nasa.gov>
Subject: Use own CA for OMSA SSL cert?
To: <linux-poweredge at dell.com>
Message-ID: <4E15C49F.9080303 at nasa.gov>
Content-Type: text/plain; charset="ISO-8859-1"


Hi,

I'm trying to use my own SSL cert signed by an internal CA for OMSA
6.3.0 on RHEL4, on a PowerEdge 2950.

With OMSA 5.1 I was never able to use the GUI to do it -- the import on my cert always failed with error "ERROR! Import of server.crt failed.
Try again.".  This was even after importing my CA's cert.  I suspect this is a chain issue, but I have no idea how to fix it.

However, I was able to work around it by using "keytool" on the command line to:
   - delete existing "omsa" cert
   - generate a new key and CSR
   - import my CA cert with alias "root"
   - import my CA-signed cert with alias "omsa"

However, I can't do this with OMSA 6.3.0 because the keystore password seems to have changed (i.e. it is no longer "password").

I tried making my own keystore.db (replaced the existing one), but if I do that, the OMSA web service (dsm_om_connsvc) does not function; i.e.
the web page never opens.

I also tried adding my CA cert to the java cacerts store manually with:

keytool -keystore
/opt/dell/srvadmin/lib/openmanage/jre/lib/security/cacerts  -storepass changeit  -import -file ca.crt -alias myca

But the web interface still won't accept my cert (even after restarting the service).

Anyone know what the new password for the keystore is?  Or, how do I get the OMSA server to trust my CA or cert (or both)?

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Robert Jacobson               Robert.C.Jacobson at nasa.gov
Lead System Admin       Solar Dynamics Observatory (SDO)
Bldg 14, E222                             (301) 286-1591 



------------------------------

Message: 3
Date: Thu, 07 Jul 2011 18:44:47 +0200
From: Mgia <mgiashmera at lavabit.com>
Subject: Re: PowerEdge 2950 PERC 6/i (Mgia)
To: linux-poweredge at dell.com
Message-ID: <1310057087.2336.6.camel at all0>
Content-Type: text/plain; charset="UTF-8"

Hi,
> I can only suspect that you are needing help with RHEL or CentOS
> version of the install (correct if needed). I have had less install
> issues with OMSA 6.5 than any version before. Did you preform an
> upgrade or fresh install? If you are using RHEL or CentOS or
> Scientific Linux, you could look at
> http://pjwelsh..com/2011/03/basic-omsa-install-and-useage-with-rhel.html (HERE) for some basic self-promoting install instructions ;) The only interesting part is the need for "yum install srvadmin-all OpenIPMI OpenIPMI-tools dell_ft_install" to *REALLY* get enough to run OMSA.

The install is fine but randomly OMSA does not report acqurate results.
I manage a lot of systems and I found this problem i.e. no storage
controllers found to many installations.

So the issue that I cannot realy rely upon OMSA has anyone experienced
such a weird behavior?
 
> Hope this helps!

Thanks for your response pjwelsh

Mgia




------------------------------

_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge at dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

End of Linux-PowerEdge Digest, Vol 86, Issue 6
**********************************************



More information about the Linux-PowerEdge mailing list