1 Reply Latest reply on Jul 12, 2015 9:40 PM by Bomma

    While using CA signed keystore for agent, communication between agent and server is not happening

    Bomma Lurker

      I am using version 4.6.6.1 of Hyperic, on which I have been trying to establish SSL communication between server and agent via CA-signed certificates.

      The steps that I followed are:

      1) Generated a jks for hyperic-server (CA signed)

      2) Generated a jks for hyperic-agent (CA signed -- CA is the same which I used for hyperic server jks generation)

      3) I followed the below steps mentioned in vFabric Documentation

       

      vFabric Documentation Center

      Reconfigure Hyperic for Trusted SSL Certificates

      1.   Install and configure a trusted PKCS12 format keystore for Hyperic Server:
        1.   Obtain an SSL certificate from your CA and install it on the Hyperic Server host.
        2.   Open ServerHome/conf/hq-server.conf in a text editor.
        3.   Set the value of accept.unverified.certificates to "false".
        4.   Define the location of your trusted keystore with the server.keystore.path property.
        5.   Define the password for your trusted keystore with the server.keystore.password property.
        6.   Save your changes.
        7.   Restart the Hyperic Server.
      2.   For each Hyperic 4.6 Agent reporting to the Hyperic Server:
        1.   Obtain an SSL certificate from your CA and install it on the Hyperic Agent host.
        2.   Open AgentBundle/AgentHome/agent.properties in a text editor.
        3.   Set the value of agent.setup.acceptUnverifiedCertificate to "false".
        4.   Define the location of your trusted keystore with the agent.keystore.path property.
        5.   Define the password for your trusted keystore with the agent.keystore.password property.
        6.   Save your changes.
        7.   Restart the Hyperic Agent.

       

      4) In the EAM_KEYSTORE table of the Hyperic database I see the CA-signed keystore entry for hyperic-server, but I do not see the CA-signed keystore entry for hyperic-agent, because of which agent and server communication is not happening.


      The observation is that the self-signed (Hyperic default keystore) keystore entry of the Hyperic agent is seen in the database table EAM_KEYSTORE even after performing the CA-signed keystore process.


      Could you please provide me the cause for this behavior?

      I am not able to establish SSL communication between server and agent because of this issue.
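
An added example, not part of the original post or of the Hyperic documentation: a check that hq-server.conf or agent.properties actually carries the three settings listed in the quoted steps, including the case where a property is still commented out. The role labels, function names, sample file contents, path and password are constructed for illustration.

```python
"""Check hq-server.conf / agent.properties against the quoted documentation steps."""
import os

# Property names are the ones quoted in the post; the role labels are this example's own.
REQUIRED = {
    "server": ("accept.unverified.certificates",
               "server.keystore.path", "server.keystore.password"),
    "agent": ("agent.setup.acceptUnverifiedCertificate",
              "agent.keystore.path", "agent.keystore.password"),
}

# Constructed sample (not a real agent.properties): the keystore path is commented out.
SAMPLE_AGENT = """\
agent.setup.acceptUnverifiedCertificate=false
#agent.keystore.path=/opt/hyperic/agent.jks
agent.keystore.password=changeit
"""

def parse_properties(text):
    """Minimal Java .properties parser: key=value or key:value, '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def check(role, text, file_exists=os.path.isfile):
    """Return a list of findings; an empty list means all three settings are present."""
    flag, path_key, pw_key = REQUIRED[role]
    props = parse_properties(text)
    findings = []
    if props.get(flag, "").strip('"').lower() != "false":
        findings.append(f"{flag} is not set to false")
    path = props.get(path_key, "")
    if not path:
        findings.append(f"{path_key} is not set")
    elif not file_exists(path):
        findings.append(f"{path_key} points to a missing file: {path}")
    if not props.get(pw_key):
        findings.append(f"{pw_key} is not set")
    return findings

if __name__ == "__main__":
    print(check("agent", SAMPLE_AGENT))
```

Run it against the real files by passing their contents to `check("server", ...)` and `check("agent", ...)` on the respective hosts.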