When using Single-Sign-On, if you cannot log in to the ROR console after installation, the environment setup may have failed. Stop the manager and then reconfigure the environment.
Execute the keytool command and Resource Orchestrator command, and check if the CA certificate has been imported correctly.
Check the content of the CA certificate (keystore) of ServerView Operations Manager.
As the keystore password, specify the password of the ServerView Operations Manager keystore. For this password, refer to "Managing SSL certificates on the CMS" in the "User Management in ServerView" of the ServerView Operations Manager manuals.
The CA certificate (keystore) of ServerView Operations Manager is stored in the following location:
ServerView Operations Manager V6.1 or later
[Windows]
ServerView Suite Installation_folder\jboss\standalone\svconf\pki\cacerts
[Linux]
/opt/fujitsu/ServerViewSuite/jboss/standalone/svconf/pki/cacerts
Versions Earlier Than ServerView Operations Manager V6.1
[Windows]
ServerView Suite Installation_folder\jboss\server\serverview\conf\pki\cacerts
[Linux]
/opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts
Example
[Windows Manager]
>C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe -list -keystore "C:\Program Files (x86)\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" <RETURN>
[Linux Manager]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -keystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts <RETURN>
Check whether the CA certificate of ServerView Operations Manager is imported correctly into the keystore of this product.
Execute the command shown below.
rcxadm authctl diffcert <RETURN>
The certificates in the following locations are compared and the aliases of certificates that are not in both are displayed.
The CA certificate (keystore) of ServerView Operations Manager
The CA certificate (keystore) registered with Resource Orchestrator
Check the displayed difference information.
The information is displayed as follows:
svs_cms
When a difference is displayed, registration of a CA certificate (keystore) may have failed. In this case, register the CA certificate by referring to "8.10.1.2 Registering Certificates".
Even if the alias of a certificate imported in "3.2 Importing a Certificate to ServerView SSO Authentication Server" of the "Setup Guide CE", or of the test certificate registered when the manager was installed, is displayed, it is not necessary to register it in the keystore of Resource Orchestrator.
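The alias comparison above can be cross-checked from two saved keytool -list listings. The following Python code is an added example, not part of Resource Orchestrator or its manuals; it goes beyond the alias check by also flagging aliases present in both keystores whose fingerprints differ. It assumes both listings were produced by the same keytool (so the fingerprint algorithm matches); the aliases other than svs_cms and all fingerprints are constructed.

```python
import re

# A keytool -list entry looks like "svs_cms, Jan 1, 2015, trustedCertEntry,"
# followed by a "Certificate fingerprint (ALG): AA:BB:..." line.
ENTRY_RE = re.compile(r"^(?P<alias>.+?), .+, \w+Entry,$")
FP_RE = re.compile(r"^Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)$")

def parse_keytool_list(text):
    """Return {alias: (algorithm, fingerprint)} for one listing."""
    entries, alias = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            alias = entry.group("alias").lower()  # JKS aliases are case-insensitive
            entries[alias] = None                 # fingerprint not seen yet
            continue
        fp = FP_RE.match(line)
        if fp and alias is not None:
            entries[alias] = (fp.group("alg"), fp.group("fp").upper())
            alias = None
    return entries

def compare_keystores(svom, ror):
    """Aliases missing from either side, plus shared aliases whose certificates differ."""
    shared = set(svom) & set(ror)
    return {
        "only_in_svom": sorted(set(svom) - set(ror)),
        "only_in_ror": sorted(set(ror) - set(svom)),
        "fingerprint_mismatch": sorted(a for a in shared if svom[a] != ror[a]),
    }

# Constructed sample listings; fingerprints are shortened placeholders.
SVOM_LISTING = """\
Keystore type: JKS
svs_cms, Jan 1, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 11:22:33:44
example_root_ca, Jan 1, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): AA:BB:CC:DD
"""
ROR_LISTING = """\
svs_cms, Mar 5, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 55:66:77:88
example_test_cert, Mar 5, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): EE:FF:00:11
"""

if __name__ == "__main__":
    print(compare_keystores(parse_keytool_list(SVOM_LISTING), parse_keytool_list(ROR_LISTING)))
```

An alias reported under fingerprint_mismatch exists in both keystores but refers to different certificates, a case that a comparison by alias alone does not show.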
Use the following procedure to register CA certificates to Resource Orchestrator.
Execute the following command:
rcxadm authctl refreshcert -alias alias <RETURN>
Specify the alias of the certificate displayed by performing "8.10.1.1 Confirming Certificates" as alias.
When importing two or more certificates to Resource Orchestrator, repeat this procedure for each certificate.
Point
If the root certificate has been registered in the CA certificate (keystore) of ServerView Operations Manager, import the root certificate to Resource Orchestrator.
Check the differences between the CA certificates.
Perform "8.10.1.1 Confirming Certificates", and check that the updated certificate is not displayed.
Import the server certificate to ServerView Operations Manager. For details, refer to "3.2 Importing a Certificate to ServerView SSO Authentication Server" in the "Setup Guide CE".
Check if the connection information of the directory service to be used has been correctly registered in Resource Orchestrator.
Execute the command shown below.
rcxadm authctl show <RETURN>
The connection information registered in Resource Orchestrator is displayed.
Check the displayed connection information.
The information is displayed as follows:
host: hostx.fujitsu.com
Check if the directory service settings and the displayed connection information are the same. In particular, note the following information:
Whether port is the port for SSL communications
Whether bind is the directory service administrator
(Check that the administrator is a directory service administrator, not a privileged user of Resource Orchestrator)
For details on how to check the connection settings of the directory service provided with ServerView Operations Manager, refer to the following manual.
ServerView Operations Manager V7.0 or earlier
"ServerView user management with OpenDJ" in "User Management in ServerView 6.30"
ServerView Operations Manager V7.1 or later
"ServerView user management with Apache DS" in "User Management in ServerView 7.10"
When there is an error in the connection information, use the following procedure to register the correct information:
Stop the manager.
Configure the correct information.
When using Active Directory or ServerView Operations Manager V5.5 or later
Execute the rcxadm authctl sync command and change the directory service connection information.
When using OpenDS provided with ServerView Operations Manager V5.3
Execute the rcxadm authctl modify command and change the directory service connection information.
Example
>rcxadm authctl modify -bind "cn=Directory Manager" -passwd admin
Specify the password for the directory server administrator using the passwd option. "admin" is set by default.
Restart the manager.
For details on the rcxadm authctl command, refer to "5.4 rcxadm authctl" in the "Reference Guide (Command/XML) CE".