ServerView Resource Orchestrator Cloud Edition V3.0.0 Setup Guide

4.5.5 When Reconfiguring Single Sign-On

If you cannot log in to the ROR console after installation, the environment setup may have failed. Stop the manager and then reconfigure the environment.


4.5.5.1 Confirming Certificates

Execute the keytool command and check that the CA certificate has been imported correctly. For the -alias option, specify "svs_cms".
When using an individually configured OpenDS or Active Directory, specify ror_ldap_1 for the -alias option.

Example

[Windows]

>C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
Enter keystore password: changeit
svs_cms, 2010/10/05, PrivateKeyEntry,
Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

>C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts" <RETURN>
Enter keystore password: changeit
svs_cms, 2010/10/05, PrivateKeyEntry,
Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

[Linux]

# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
Enter keystore password: changeit
svs_cms, 2010/10/05, PrivateKeyEntry,
Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts <RETURN>
Enter keystore password: changeit
svs_cms, 2010/10/05, PrivateKeyEntry,
Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

If the CA certificate information is not displayed, registration of the CA certificate has failed. In this case, register the CA certificate as described in "4.5.5.2 Registering Certificates".
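The check above has to pass for both keystores, and the same check is repeated in step 4 of "4.5.5.2 Registering Certificates". The following is an added example, not part of the Fujitsu guide: it parses keytool -list output in the format shown above and reports whether the alias is present in both keystores with the same entry type and fingerprint. The function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the Fujitsu guide; function names are hypothetical.
# Capture the output of the two keytool -list commands shown above (for
# example into shell variables) and pass both captures to compare_keystores.

# entry_of ALIAS: read keytool -list output on stdin and print
# "<entry type> <fingerprint>". Returns 1 when the alias is not listed,
# which is the "registration has failed" case.
entry_of() {
    awk -v name="$1" '
        # Entry line looks like: svs_cms, 2010/10/05, PrivateKeyEntry,
        index($0, name ",") == 1 {
            n = split($0, f, /, */)
            kind = (f[n] == "") ? f[n - 1] : f[n]
            next
        }
        # The fingerprint line follows the entry line.
        kind != "" && /fingerprint/ {
            sub(/^[^:]*: */, "")
            print kind, $0
            ok = 1
            exit
        }
        END { exit !ok }
    '
}

# compare_keystores ALIAS OUT1 OUT2: OUT1 and OUT2 are the captured outputs
# for the two keystores. Prints one verdict line; returns 1 on any problem.
compare_keystores() {
    e1=$(printf '%s\n' "$2" | entry_of "$1") || { echo "missing: first keystore"; return 1; }
    e2=$(printf '%s\n' "$3" | entry_of "$1") || { echo "missing: second keystore"; return 1; }
    if [ "$e1" != "$e2" ]; then echo "mismatch: $e1 / $e2"; return 1; fi
    echo "match: $e1"
}

# Constructed sample outputs (fingerprints are made up, not from a real system).
JRE6_OUT='svs_cms, 2010/10/05, PrivateKeyEntry,
Certificate fingerprints (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
JDK5_OUT=$JRE6_OUT
STALE_OUT='svs_cms, 2009/01/01, PrivateKeyEntry,
Certificate fingerprints (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'
MISSING_OUT='keytool error: java.lang.Exception: Alias <svs_cms> does not exist'

compare_keystores svs_cms "$JRE6_OUT" "$JDK5_OUT"
compare_keystores svs_cms "$JRE6_OUT" "$STALE_OUT" || true
compare_keystores svs_cms "$JRE6_OUT" "$MISSING_OUT" || true
```

A mismatch means the two keystores hold different certificates under the same alias, so the import has to be repeated for the keystore that differs.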


4.5.5.2 Registering Certificates

Use the following procedure to register CA certificates in Resource Orchestrator.

  1. Copy the keystore of Resource Orchestrator.

    [Windows]

    • Files to Copy

      Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts

    • Copy Destination

      Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts.org


    • Files to Copy

      Installation_folder\IAPS\JDK5\jre\lib\security\cacerts

    • Copy Destination

      Installation_folder\IAPS\JDK5\jre\lib\security\cacerts.org

    [Linux]

    • Files to Copy

      /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts

    • Copy Destination

      /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts.org

    • Files to Copy

      /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts

    • Copy Destination

      /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts.org

    Note

    Ensure that the keystore of Resource Orchestrator is copied, as it will be necessary when changing the directory service.

  2. Import the CA certificate (keystore) of ServerView Operations Manager to the keystore of Resource Orchestrator.

    The CA certificate (keystore) of ServerView Operations Manager is stored in the following location:

    [Windows]
    ServerView Suite_installation_folder\jboss\server\serverview\conf\pki\keystore

    [Linux]
    /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/keystore

    Example

    [Windows]

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\keystore" -destkeystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts" <RETURN>

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\keystore" -destkeystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts" <RETURN>

    [Linux]

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/keystore -destkeystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/keystore -destkeystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts <RETURN>

    After executing the command, enter the password.
    The password for the keystore of Resource Orchestrator is set to "changeit" by default.

  3. The following messages will be displayed when import is successfully completed.

    Check the alias shown in the "Another name" section of the message.

    Enter destination keystore password: changeit
    Enter source keystore password: changeit
    Entry for Another name svs_cms successfully imported.
    Import command completed: 1 entries successfully imported. 0 entries failed or cancelled.

  4. Execute the keytool command, and check if the CA certificate has been correctly imported.

    For the -alias option, specify the alias ("Another name") checked in step 3.

    Example

    [Windows]

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
    Enter keystore password: changeit
    svs_cms, 2010/10/05, PrivateKeyEntry,
    Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts" <RETURN>
    Enter keystore password: changeit
    svs_cms, 2010/10/05, PrivateKeyEntry,
    Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

    [Linux]

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
    Enter keystore password: changeit
    svs_cms, 2010/10/05, PrivateKeyEntry,
    Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts <RETURN>
    Enter keystore password: changeit
    svs_cms, 2010/10/05, PrivateKeyEntry,
    Certificate fingerprints (MD5): C9:3C:8B:8B:C6:BA:67:92:89:70:D1:00:55:A3:CD:6

  5. Import the CA certificate of the individually configured directory service to the keystore of Resource Orchestrator.

    When using a directory service other than the OpenDS that comes with ServerView Operations Manager, import the CA certificate of the directory service to the keystore of Resource Orchestrator.
    The CA certificate format is DER encoded binary X.509 (CER).

    Example

    • When Using Active Directory

      >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importcert -alias rcve_ldap -trustcacerts -file c:\myserver.serverview.local_svsca.crt -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
      Enter keystore password: changeit
      Owner: CN=svsca, DC=serverview, DC=local
      Issuer: CN=svsca, DC=serverview, DC=local
      Serial number: 22646549ec7ac1994cc3a2b8eff66e27
      Valid from: Mon Oct 04 11:19:47 JST 2010 until: Sun Oct 04 11:26:54 JST 2015
      Certificate fingerprints:
      MD5: 70:E3:CB:23:6F:D1:17:00:56:CA:E2:0D:30:73:14:A8
      SHA1: 01:3C:06:81:2D:3F:6D:D9:C3:A6:D4:AA:7B:D5:5E:D5:5F:43:90:E5
      Signature algorithm name: SHA1withRSA
      Version: 3
      ...
      Trust this certificate? [no]: yes

      >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importcert -alias rcve_ldap -trustcacerts -file c:\myserver.serverview.local_svsca.crt -keystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts"
      Enter keystore password: changeit
      Owner: CN=svsca, DC=serverview, DC=local
      Issuer: CN=svsca, DC=serverview, DC=local
      Serial number: 22646549ec7ac1994cc3a2b8eff66e27
      Valid from: Mon Oct 04 11:19:47 JST 2010 until: Sun Oct 04 11:26:54 JST 2015
      Certificate fingerprints:
      MD5: 70:E3:CB:23:6F:D1:17:00:56:CA:E2:0D:30:73:14:A8
      SHA1: 01:3C:06:81:2D:3F:6D:D9:C3:A6:D4:AA:7B:D5:5E:D5:5F:43:90:E5
      Signature algorithm name: SHA1withRSA
      Version: 3
      ...
      Trust this certificate? [no]: yes

    • When Using OpenDS

      >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\win32app\OpenDS-2.2.0\config\keystore" -destkeystore C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts
      Enter destination keystore password: changeit
      Enter source keystore password: changeit
      Entry for Another name server-cert successfully imported.
      Import command completed: 1 entries successfully imported. 0 entries failed or cancelled.

      >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\win32app\OpenDS-2.2.0\config\keystore" -destkeystore C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts
      Enter destination keystore password: changeit
      Enter source keystore password: changeit
      Entry for Another name server-cert successfully imported.
      Import command completed: 1 entries successfully imported. 0 entries failed or cancelled.

  6. Import the server certificate to ServerView Operations Manager. For details, refer to "6.3.5 Importing a Certificate to ServerView SSO Authentication Server".


4.5.5.3 Checking Directory Service Connection Information

Check if the connection information of the directory service to be used has been correctly registered in Resource Orchestrator.

  1. Execute the following command:

    rcxadm authctl show <RETURN>

    The connection information registered in Resource Orchestrator is displayed.

  2. Check the displayed connection information.

    The information is displayed as follows:

    ip address: 127.0.0.1
    port: 1474
    base: dc=fujitsu,dc=com
    bind: cn=Directory Manager
    method: SSL
    auth: serverview

    Check if the directory service settings and the displayed connection information are the same. In particular, note the following information:

    • Whether port is the port for SSL communications

    • Whether bind is the directory service administrator

      (Check that it is a directory service administrator, not a privileged user of Resource Orchestrator)

    For details on how to check the connection settings of the OpenDS provided with ServerView Operations Manager, refer to the following manuals.

    • "Configuring directory service access" and "ServerView user management with OpenDS" in "ServerView Suite User Management in ServerView"

  3. When there is an error in the connection information, use the following procedure to register the correct information:

    1. Stop the manager.

    2. Execute the rcxadm authctl modify command and configure the correct information.

    3. Start the manager.

For details on the rcxadm authctl command, refer to "1.7.10 rcxadm authctl" of the "Reference Guide (Resource Management) CE".
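The comparison in step 2 can be scripted against the displayed output. The following is an added example, not part of the Fujitsu guide: it parses output in the format shown in step 2 and reports every field that differs from the directory service settings the operator supplies. The function names are hypothetical, and the second sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the Fujitsu guide; function names are hypothetical.

# authctl_field KEY: read `rcxadm authctl show` output on stdin, print KEY's value.
authctl_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }              # tolerate leading indentation
        index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print v
            exit
        }'
}

# check_authctl OUTPUT SSL_PORT ADMIN_DN: SSL_PORT and ADMIN_DN are the values
# configured in the directory service. Prints one finding per line and
# returns 1 if anything differs.
check_authctl() {
    rc=0
    method=$(printf '%s\n' "$1" | authctl_field method)
    port=$(printf '%s\n' "$1" | authctl_field port)
    bind=$(printf '%s\n' "$1" | authctl_field bind)
    [ "$method" = "SSL" ] || { echo "method is '$method', expected SSL"; rc=1; }
    [ "$port" = "$2" ] || { echo "port is '$port', directory service SSL port is '$2'"; rc=1; }
    [ "$port" != "389" ] || { echo "port 389 is the standard non-SSL LDAP port"; rc=1; }
    [ "$bind" = "$3" ] || { echo "bind is '$bind', directory administrator is '$3'"; rc=1; }
    return $rc
}

# Output as displayed in step 2.
SHOWN='ip address: 127.0.0.1
port: 1474
base: dc=fujitsu,dc=com
bind: cn=Directory Manager
method: SSL
auth: serverview'
# Constructed output with a wrong port and a non-administrator bind DN.
WRONG='ip address: 127.0.0.1
port: 389
base: dc=fujitsu,dc=com
bind: cn=manager,ou=users,dc=fujitsu,dc=com
method: SSL
auth: serverview'

check_authctl "$SHOWN" 1474 "cn=Directory Manager" && echo "connection information matches"
check_authctl "$WRONG" 1474 "cn=Directory Manager" || true
```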