« OpsMgr and Cross Plat - Getting Started | Main | Microsoft working with Xandros to manage NATO's heterogeneous systems across a large distributed network environment »

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Hello,

I am getting the following error:
- The SSL certificate is signed by an unknown certificate authority.
- The SSL certificate contains a common name (CN) that does not match the hostname.

opmgrms1 is the management server
rbticdb1 is the linux machine

/opt/microsoft/scx/tools/scxsslconfig -f -h opmgrms1 -d ad.xxx
I have
subject= /DC=xxx/DC=ad/CN=opmgrms1/CN=opmgrms1.ad.xxx
issuer= /DC=xxx/DC=ad/CN=opmgrms1/CN=opmgrms1.ad.xxx
which seems wrong as it does not work

/opt/microsoft/scx/tools/scxsslconfig -f -v
I have
subject= /DC=xxx/DC=ad/CN=rbticdb1/CN=rbticdb.ad.xxx
issuer= /DC=xxx/DC=ad/CN=rbticdb1/CN=rbticdb1.ad.xxx
which seems wrong as it does not work

when pushed from the server it is another parameter:
subject= /DC=edu/DC=ucla/DC=medctr/DC=ad/CN=mbticdb1/CN=mbticdb1.ad.medctr.ucla.edu
issuer= /CN=SCX-Certificate/title=SCX633376D2-E3E2-4f31-8461-D09259ACEF3D/DC=OPMGRMS1
notBefore=Mar 8 23:14:05 2009 GMT
notAfter=Mar 8 23:18:57 2020 GMT

Which format is correct?

How to fix the wrong certificate if I could not push them from the server?

Thanks,
Dom

Hi Dom, typically you'll get this kind of error if you to a manual install of the linux agent because the server you install on will self sign the certificate. Once this is done, and you try to discover the server through SCOM the management server will then try to resign the certificate and this will fail if the Linux Hostname does not exactly match the hostname as it resolves on the management server.

The first step is checking the way you are doing DNS resolution for the Linux server. If you've added it to your domain DNS server make sure the Linux server host name is the FQDN. If the DNS resolution gives linuxserver.domain.com the hostname has to match or the Certificate will not be generated.

The comments to this entry are closed.