If you cannot log in to the ROR console after installation, the environment setup may have failed. Stop the manager and then reconfigure the environment.
Execute the keytool command and Resource Orchestrator command, and check if the CA certificate has been imported correctly.
Check the content of the CA certificate (keystore) of ServerView Operations Manager.
Specify the password of a keystore of ServerView Operations Manager as the password of a keystore. Refer to the following manual for the password of a keystore of ServerView Operations Manager.
The CA certificate (keystore) of ServerView Operations Manager is stored in the following location:
[Windows]
ServerView Suite_Installation_folder\jboss\server\serverview\conf\pki\cacerts
[Linux]
/opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts
Example
[Windows Manager]
>C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -keystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" <RETURN> |
[Linux Manager]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -keystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts <RETURN> |
Check whether the CA certificate of ServerView Operations Manager is imported correctly into the keystore of this product.
Execute the following Resource Orchestrator command.
rcxadm authctl diffcert <RETURN> |
The difference of the CA certificate (keystore) of ServerView Operations Manager and registered the CA certificate (keystore) of Resource Orchestrator is displayed.
Check the displayed difference information.
The information is displayed as follows:
svs_cms |
When difference is displayed, registration of a CA certificate (keystore) may have failed. In this case, register the CA certificate referring to "12.4.1.2 Registering Certificates".
Execute the keytool command.
For the -alias option, specify the "alias" displayed in 1.
When multiple aliases are displayed as a result of 1., check each of the displayed aliases.
The password for the keystore of Resource Orchestrator is set to "changeit" by default.
Check whether the fingerprints of the certificates displayed by 1. and the fingerprints of the certificates displayed in Resource orchestrator match.
Example
[Windows Manager]
>C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts"<RETURN> >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\IAPS\JDK6\jre\lib\security\cacerts" <RETURN> >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -alias Another_name -keystore "C:\Fujitsu\ROR\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.jks" <RETURN> |
[Linux Manager]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts <RETURN> # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVawjbk/jdk6/jre/lib/security/cacerts <RETURN> # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.jks <RETURN> |
When the information on the CA certificate is not displayed, or when the fingerprints of credentials are not in agreement, that means that registration of the CA certificate has failed. In this case, register the CA certificate referring to "12.4.1.2 Registering Certificates".
Use the following procedure to register CA certificates to Resource Orchestrator.
Execute the following command:
rcxadm authctl refreshcert -alias alias <RETURN> |
Specify the alias of the certificate displayed by performing "12.4.1.1 Confirming Certificates" as alias.
When importing two or more certificates to Resource Orchestrator, repeat this procedure for each certificate.
Point
If the root certificate has been registered in the CA certificate (keystore) of ServerView Operations Manager, import a root certificate to Resource Orchestrator.
Check the difference of the CA certificate.
Perform "12.4.1.1 Confirming Certificates", and check that the updated certificate is not displayed.
Copy the keystore of Resource Orchestrator.
[Windows Manager]
Files to Copy
Installation_folder\IAPS\JDK5\jre\lib\security\cacerts
Copy Destination
Installation_folder\IAPS\JDK5\jre\lib\security\cacerts.org
Files to Copy
Installation_folder\IAPS\JDK6\jre\lib\security\cacerts
Copy Destination
Installation_folder\IAPS\JDK6\jre\lib\security\cacerts.org
Files to Copy
Installation_folder\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.jks
Copy Destination
Installation_folder\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.org
[Linux Manager]
Files to Copy
/opt/FJSVawjbk/jdk5/jre/lib/security/cacerts
Copy Destination
/opt/FJSVawjbk/jdk5/jre/lib/security/cacerts.org
Files to Copy
/opt/FJSVawjbk/jdk6/jre/lib/security/cacerts
Copy Destination
/opt/FJSVawjbk/jdk6/jre/lib/security/cacerts.org
Files to Copy
/etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.jks
Copy Destination
/etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.org
Note
Ensure that the keystore of Resource Orchestrator is copied, as it will be necessary when changing the directory service.
Copy the CA Certificate (keystore) of ServerView Operations Manager to the keystore of Resource Orchestrator.
The CA certificate (keystore) of ServerView Operations Manager is stored in the following location:
[Windows]
ServerView Suite_Installation_folder\jboss\server\serverview\conf\pki\cacerts
[Linux]
/opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts
Example
[Windows Manager]
>C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore " C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\IAPS\JDK5\jre\lib\security\cacerts"<RETURN> >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\IAPS\JDK6\jre\lib\security\cacerts"<RETURN> >C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -destkeystore "C:\Fujitsu\ROR\SWRBAM\etc\config\ssl\IJINibpmsv\cacerts.jks"<RETURN> |
[Linux Manager]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /opt/FJSVawjbk/jdk5/jre/lib/security/cacerts<RETURN> # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /opt/FJSVawjbk/jdk6/jre/lib/security/cacerts<RETURN> # /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -destkeystore /etc/opt/FJSVswrbam/config/ssl/IJINibpmsv/cacerts.jks<RETURN> |
After executing the command, enter the password.
The password for the keystore of Resource Orchestrator is set to "changeit" by default.
The following messages will be displayed when import is successfully completed.
Check the "Another name" section.
Enter destination keystore password: changeit |
Execute the keytool command, and check if the CA certificate has been correctly imported.
Perform the Procedure of "12.4.1.1 Confirming Certificates" and check whether the CA certificates have been imported correctly.
Import the server certificate to ServerView Operations Manager. For details, refer to "3.3 Importing a Certificate to ServerView SSO Authentication Server" in the "Setup Guide CE".
Check if the connection information of the directory service to be used has been correctly registered in Resource Orchestrator.
Execute the following Resource Orchestrator command.
rcxadm authctl show <RETURN> |
The connection information registered in Resource Orchestrator is displayed.
Check the displayed connection information.
The information is displayed as follows:
host: hostx.fujitsu.com |
Check if the directory service settings and the displayed connection information are the same. In particular, note the following information:
If port is the port for SSL communications
If bind is the directory service administrator
(Check if the administrator is a directory service administrator, not a privileged user of Resource Orchestrator)
For details on how to check the connection settings of the OpenDS provided with ServerView Operations Manager, refer to the following manuals.
"Configuring directory service access" and "ServerView user management with OpenDS" in "ServerView Suite User Management in ServerView"
When there is an error in the connection information, use the following procedure to register the correct information:
Stop the manager.
Configure the correct information.
When using Active Directory or ServerView Operations Manager V5.5 or later
Execute the rcxadm authctl sync command and change the directory service connection information.
When using OpenDS provided with ServerView Operations Manager V5.3
Execute the rcxadm authctl modify command and change the directory service connection information.
Example
>rcxadm authctl modify -bind "cn=Directory Manager" -passwd admin |
Specify the password for directory server administrator as a passwd option. The OpenDS Directory Manager's predefined password is "admin".
Start the manager.
For details on the rcxadm authctl command, refer to "5.4 rcxadm authctl" in the "Reference Guide (Command/XML) CE".
