Smarts NCM or Voyence Control: SSL Errors received when launching Report Advisor after fresh install of NCM

Product

 

EMC Software: VoyenceControl

EMC Software: Smarts Network Configuration Manager

Operating System: Linux

Operating System: Windows

 

 

Description


The following conditions, events or system behaviors may be observed with this issue:

 

Smarts NCM Report Advisor fails to launch in a client browser after a fresh installation of Smarts NCM

Hostname-related SSL error appears in the catalina.out file.

 

Cause

 

This issue can occur for the following reasons:

The SSL Certificate CN field is set to a short hostname or Fully Qualified Domain Name (FQDN) that does not match the one used during the installation of the Report Advisor server.

The SSL Certificate from the Application Server was never installed on the Report Advisor server.

 

 

Resolution

 


If you encounter this issue, do the following:

 

1. Log into the Smarts NCM Application Server (AS) as ‘root’ user.

2. Run the following command to set NCM related session variables:

 

     . /etc/voyence.conf

 

3. Navigate to the $VOYENCE_HOME/bin/ path and run the following command:

 

    perl makekeystore.pl

 

4. Make sure that voyence-ssl.keystore has the FQDN name as CN field displayed by running the following commands (Note: The keystore password must be supplied to run this command successfully; default is ‘change management’):

 

    . /etc/jboss.conf

    keytool -list -v -keystore $JBOSS_HOME/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore

 

5. Verify that the keystore file permissions and ownership are set to ‘-rw-r----- jboss voyence’. If modifications are needed, run the following commands:

 

    chown jboss:voyence $JBOSS_HOME/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore

    chmod 640 $JBOSS_HOME/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore

 

6. Restart jboss services by running the following command:

 

    service jboss restart

 

7. Repopulate and export all session variables by running the following command:

 

    . /etc/voyence.conf

 

8. Export the regenerated selfsigned certificate from the voyence-ssl.keystore to a file (ex. ‘selfsigned’) by running the following command:

 

    $JAVA_HOME/bin/keytool -export -keystore $VOYENCE_HOME/jboss/server/vc-server/deploy/1vc.sar/voyence-ssl.keystore -alias selfsigned -file cacerts

 

9. Log in to the RA server as ‘root’.

10. Run the following commands to set required shell session variables:

 

    . /etc/voyence.conf

    . $TOMCAT_HOME/.bash_profile

 

11. Copy the newly exported selfsigned SSL certificate file (‘selfsigned’) from the AS server to the RA server.

12. Import the selfsigned certificate into to the RA serever keystore by running the following command:

 

$JAVA_HOME/jre/lib/security $JAVA_HOME/bin/keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -import -file cacerts -alias selfsigned

 

13. Restart RA services by running the following command:

 

    /etc/init.d/tomcat restart

 

 


For more information, Refer to EMC Solution Article 169582