ServerView Resource Orchestrator Cloud Edition V3.1.0 Design Guide

12.4.1 Reconfiguring Single Sign-On

If you cannot log in to the ROR console after installation, the environment setup may have failed. Stop the manager and then reconfigure the environment.


12.4.1.1 Confirming Certificates

Execute the keytool command, and check if the CA certificate has been correctly imported.

  1. Check the content of the CA certificate (keystore) of ServerView Operations Manager.

    For the keystore password, specify the password of the ServerView Operations Manager keystore. For this password, refer to the following manual:

    • "ServerView Suite User Management in ServerView"

    The CA certificate (keystore) of ServerView Operations Manager is stored in the following location:

    [Windows]
    ServerView Suite_Installation_folder\jboss\server\serverview\conf\pki\cacerts

    [Linux]
    /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts

    Example

    [Windows Manager]

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -keystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" <RETURN>
    Enter keystore password:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    svs_cms, 2011/10/01, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    [Linux Manager]

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -keystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts <RETURN>
    Enter keystore password:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    svs_cms, 2011/10/01, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

  2. Check whether the CA certificate of ServerView Operations Manager has been imported correctly into the keystore of this product.

    For the -alias option, specify the "alias" displayed in 1.
    When two or more aliases are displayed as a result of 1., perform the check for each displayed alias.

    The password for the keystore of Resource Orchestrator is set to "changeit" by default.

    Check whether the certificate fingerprints displayed in 1. match the certificate fingerprints displayed for Resource Orchestrator.

    Example

    [Windows Manager]

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts"<RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\IAPS\JDK6\jre\lib\security\cacerts" <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.jks" <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    [Linux Manager]

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVawjbk/jdk6/jre/lib/security/cacerts <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.jks <RETURN>
    Enter keystore password: changeit
    svs_cms, 2012/04/10, trustedCertEntry,
    Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06

When the information on the CA certificate is not displayed, or when the certificate fingerprints do not match, registration of the CA certificate has failed. In this case, register the CA certificate by referring to "12.4.1.2 Registering Certificates".
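
The comparison in steps 1 and 2 can be scripted. The following is an added example, not part of the original manual or the product: it parses saved `keytool -list` output and reports, for each alias in the ServerView Operations Manager listing, whether a Resource Orchestrator keystore holds the same fingerprint. The function names and the sample listings are assumptions made for illustration; DEST_BAD uses a constructed fingerprint.

```shell
#!/bin/sh
# Added example (not from the manual): compare CA certificate fingerprints
# between two `keytool -list` listings, as in steps 1 and 2 of 12.4.1.1.

# Read keytool -list output on stdin; print "alias<TAB>ALGORITHM:FINGERPRINT".
list_fingerprints() {
    awk '
        { gsub(/\r/, "") }                  # tolerate Windows line endings
        /Entry,[ \t]*$/ {                   # "alias, date, trustedCertEntry,"
            split($0, f, ","); alias = f[1]
            gsub(/^[ \t]+|[ \t]+$/, "", alias); next
        }
        /Certificate fingerprint/ && alias != "" {
            match($0, /\([^)]*\)/)          # hash algorithm, e.g. (MD5)
            alg = substr($0, RSTART + 1, RLENGTH - 2)
            print alias "\t" alg ":" toupper($NF); alias = ""
        }'
}

# compare_keystores SRC_LISTING DEST_LISTING
# Prints OK/MISSING/MISMATCH per source alias; returns 1 on any failure.
compare_keystores() {
    tab=$(printf '\t'); rc=0
    src=$(printf '%s\n' "$1" | list_fingerprints)
    dst=$(printf '%s\n' "$2" | list_fingerprints)
    [ -n "$src" ] || { echo "ERROR no entries in source listing"; return 2; }
    while IFS=$tab read -r alias fp; do
        got=$(printf '%s\n' "$dst" |
              awk -F"$tab" -v a="$alias" '$1 == a { print $2; exit }')
        if [ -z "$got" ]; then echo "MISSING $alias"; rc=1
        elif [ "$got" != "$fp" ]; then echo "MISMATCH $alias"; rc=1
        else echo "OK $alias"; fi
    done <<EOF
$src
EOF
    return "$rc"
}

# Constructed sample listings (SRC_LISTING follows the manual's example output).
SRC_LISTING='Your keystore contains 1 entry

svs_cms, 2011/10/01, trustedCertEntry,
Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06'
DEST_OK='svs_cms, 2012/04/10, trustedCertEntry,
Certificate fingerprints (MD5): 02:68:56:4C:33:AF:55:34:87:CA:51:FD:BF:66:47:06'
DEST_BAD='svs_cms, 2012/04/10, trustedCertEntry,
Certificate fingerprints (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

compare_keystores "$SRC_LISTING" "$DEST_OK"
compare_keystores "$SRC_LISTING" "$DEST_BAD" || echo "register again (12.4.1.2)"
```

The hash algorithm is part of the compared value, so listings produced by keytool versions that print different fingerprint algorithms are reported as a mismatch rather than silently compared.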


12.4.1.2 Registering Certificates

Use the following procedure to register CA certificates to Resource Orchestrator.

  1. Copy the keystore of Resource Orchestrator.

    [Windows Manager]

    • Files to Copy

      Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts

    • Copy Destination

      Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts.org


    • Files to Copy

      Installation_folder\IAPS\JDK5\jre\lib\security\cacerts

    • Copy Destination

      Installation_folder\IAPS\JDK5\jre\lib\security\cacerts.org


    • Files to Copy

      Installation_folder\IAPS\JDK6\jre\lib\security\cacerts

    • Copy Destination

      Installation_folder\IAPS\JDK6\jre\lib\security\cacerts.org


    • Files to Copy

      Installation_folder\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.jks

    • Copy Destination

      Installation_folder\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.org


    [Linux Manager]

    • Files to Copy

      /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts

    • Copy Destination

      /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts.org


    • Files to Copy

      /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts

    • Copy Destination

      /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts.org


    • Files to Copy

      /opt/FJSVawjbk/jdk6/jre/lib/security/cacerts

    • Copy Destination

      /opt/FJSVawjbk/jdk6/jre/lib/security/cacerts.org


    • Files to Copy

      /etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.jks

    • Copy Destination

      /etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.org


    Note

    Ensure that the keystore of Resource Orchestrator is copied, as it will be necessary when changing the directory service.

  2. Copy the CA certificate (keystore) of ServerView Operations Manager to the keystore of Resource Orchestrator.

    The CA certificate (keystore) of ServerView Operations Manager is stored in the following location:

    [Windows]
    ServerView Suite_Installation_folder\jboss\server\serverview\conf\pki\cacerts

    [Linux]
    /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts

    Example

    [Windows Manager]

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"<RETURN>

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts"<RETURN>

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\IAPS\JDK6\jre\lib\security\cacerts"<RETURN>

    >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.jks"<RETURN>

    [Linux Manager]

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts<RETURN>

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /opt/FJSVawjbk/jdk6/jre/lib/security/cacerts<RETURN>

    # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.jks<RETURN>

    After executing the command, enter the password.
    The password for the keystore of Resource Orchestrator is set to "changeit" by default.

  3. The following messages will be displayed when import is successfully completed.

    Check the alias displayed in place of "Another name".

    Enter destination keystore password: changeit
    Enter source keystore password: changeit
    Entry for Another name successfully imported.
    Import command completed: 1 entries successfully imported. 0 entries failed or cancelled.

  4. Execute the keytool command, and check if the CA certificate has been correctly imported.

    Perform the procedure in "12.4.1.1 Confirming Certificates" and check whether the CA certificate has been imported correctly.

  5. Import the server certificate to ServerView Operations Manager. For details, refer to "3.3 Importing a Certificate to ServerView SSO Authentication Server" in the "Setup Guide CE".


12.4.1.3 Checking Directory Service Connection Information

Check if the connection information of the directory service to be used has been correctly registered in Resource Orchestrator.

  1. Execute the following command:

    rcxadm authctl show <RETURN>

    The connection information registered in Resource Orchestrator is displayed.

  2. Check the displayed connection information.

    The information is displayed as follows:

    host: hostx.fujitsu.com
    port: 1474
    base: dc=fujitsu,dc=com
    bind: cn=Directory Manager
    method: SSL
    auth: serverview

    Check if the directory service settings and the displayed connection information are the same. In particular, note the following information:

    • Whether port is the port for SSL communications

    • Whether bind is the directory service administrator

      (Check that the administrator is a directory service administrator, not a privileged user of Resource Orchestrator)

    For details on how to check the connection settings of the OpenDS provided with ServerView Operations Manager, refer to the following manuals.

    • "Configuring directory service access" and "ServerView user management with OpenDS" in "ServerView Suite User Management in ServerView"

  3. When there is an error in the connection information, use the following procedure to register the correct information:

    1. Stop the manager.

    2. Execute the rcxadm authctl modify command and configure the correct information.

    3. Start the manager.

For details on the rcxadm authctl command, refer to "5.4 rcxadm authctl" of the "Reference Guide (Command/XML) CE".
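
The check in step 2 can also be scripted. The following is an added example, not part of the original manual or the product: it compares saved `rcxadm authctl show` output with the values configured on the directory service, field by field. The function names, the EXPECTED values and SHOWN_BAD are constructed for illustration, and treating distinguished names as case-insensitive with optional blanks around "," and "=" is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the manual): compare `rcxadm authctl show` output
# with the values configured on the directory service.

# authctl_field TEXT KEY -> value of "KEY: value" (the value may contain ':').
authctl_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { gsub(/\r/, ""); sub(/^[ \t]+/, ""); i = index($0, ":") }
        i && substr($0, 1, i - 1) == k {
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }'
}

# Lowercase and drop blanks around "," and "=" so that
# "DC=fujitsu, DC=com" and "dc=fujitsu,dc=com" compare equal (assumption).
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[ ]*\([,=]\)[ ]*/\1/g'
}

# check_authctl SHOWN EXPECTED: prints "DIFF key" for each field that is
# missing or different; returns 1 if any field differs.
check_authctl() {
    rc=0
    for key in host port base bind method; do
        shown=$(normalize "$(authctl_field "$1" "$key")")
        want=$(normalize "$(authctl_field "$2" "$key")")
        if [ -z "$shown" ] || [ "$shown" != "$want" ]; then
            echo "DIFF $key"; rc=1
        fi
    done
    return "$rc"
}

# SHOWN follows the manual's sample output; the other two are constructed.
SHOWN='host: hostx.fujitsu.com
port: 1474
base: dc=fujitsu,dc=com
bind: cn=Directory Manager
method: SSL
auth: serverview'
EXPECTED='host: HOSTX.fujitsu.com
port: 1474
base: DC=fujitsu, DC=com
bind: cn=Directory Manager
method: SSL'
SHOWN_BAD='host: hostx.fujitsu.com
port: 1473
base: dc=fujitsu,dc=com
bind: cn=manager
method: SSL'

check_authctl "$SHOWN" "$EXPECTED" && echo "connection information matches"
check_authctl "$SHOWN_BAD" "$EXPECTED" || echo "correct it as described in step 3"
```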