Linux Agent SSL Certificate Issues....

  • Question

  • OK, so here is what I have. I went and installed the SCOM agent on several Linux servers, all Red Hat. Some are working fine and most others are giving me an invalid certificate error, so they never go green, always stay red. I have tried the trick of exporting / importing the certificate to all MS. That seemed to help some, but I still have several red with the same error. When I try and re-discover the Linux server, I get "no action needed", so therefore I cannot re-sign the certificate. I'm kind of stumped here. I do have an active case opened with MS, but we seem to have hit a wall. I am posting the error for reference. Any help is appreciated.

    Thanks!

    Error:

     
    The server certificate on the destination computer (ybcdrpur09.corp.ybusa.net:1270) has the following errors: 
    The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.  
    The SSL certificate is signed by an unknown certificate authority.   

    • Moved by WadeWe Wednesday, October 26, 2011 8:47 PM New forum (From:Cross Platform Solutions for System Center)
    Wednesday, January 26, 2011 8:46 PM

Answers

  • We usually see this error when the certificate is invalid on the remote server. Log in to the Linux server and run this command as root:

    /opt/microsoft/scx/bin/tools/scxsslconfig -v -f

     

    This will regenerate the certificate, at which point you can use the discovery wizard to re-sign it. Also take note of the Hostname/domain returned by this command. If it is incorrect (such as FQDN in the hostname field, and domain name blank), you can attempt to fix that on the OS (hostname command, /etc/hosts), or you can hardcode it with:

     

    /opt/microsoft/scx/bin/tools/scxsslconfig -v -f -h hostname -d domain.name

     

     

    Thursday, February 3, 2011 9:58 PM
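
A pre-check for the hostname/domain pitfall described in the answer above, written as an added example that is not part of the original thread or of the agent's own tooling. The function names and the host `web01.example.test` are constructed for illustration; the script only prints the `scxsslconfig` line with the `-h` and `-d` options shown in the answer and does not run it.

```sh
#!/bin/sh
# Added example: validate the hostname/domain pair reported by
# "scxsslconfig -v -f" against the FQDN the management server connects to.

# split_fqdn FQDN -> prints "<host> <domain>"; domain is empty without a dot.
split_fqdn() {
    case "$1" in
        *.*) printf '%s %s\n' "${1%%.*}" "${1#*.}" ;;
        *)   printf '%s \n' "$1" ;;
    esac
}

# check_names HOST DOMAIN EXPECTED_FQDN
# Prints one finding per line; returns 0 only when the pair is consistent.
check_names() {
    cn_host=$1 cn_domain=$2 cn_rc=0
    case "$cn_host" in
        *.*) echo "hostname field contains an FQDN: $cn_host"; cn_rc=1 ;;
    esac
    if [ -z "$cn_domain" ]; then
        echo "domain name is blank"; cn_rc=1
        cn_got=$cn_host
    else
        cn_got=$cn_host.$cn_domain
    fi
    # DNS names are case-insensitive, so compare in lower case.
    cn_got=$(printf '%s' "$cn_got" | tr 'A-Z' 'a-z')
    cn_want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ "$cn_got" != "$cn_want" ]; then
        echo "names give '$cn_got' but the server connects to '$cn_want'"
        cn_rc=1
    fi
    return $cn_rc
}

# suggest_fix EXPECTED_FQDN -> prints the command with hardcoded names.
suggest_fix() {
    # Word splitting is intended: split_fqdn prints "host domain".
    set -- $(split_fqdn "$1")
    [ -n "$2" ] || { echo "cannot derive a domain from '$1'" >&2; return 1; }
    echo "/opt/microsoft/scx/bin/tools/scxsslconfig -v -f -h $1 -d $2"
}

# Constructed sample: the case from the answer (FQDN in hostname, blank domain).
check_names web01.example.test "" web01.example.test || suggest_fix web01.example.test
```
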