Environment
- AppManager for UNIX 6.5
- AppManager for UNIX 7.0.1
- AppManager for UNIX 7.1
Situation
How do I configure an AppManager for UNIX agent to use encryption?
Error: 'I/O Error with socket stream.'
AppManager UNIX agents grey-out over an encrypted connection.
Error: 'I/O Error with socket stream.'
AppManager UNIX agents grey-out over an encrypted connection.
Resolution
To generate a new key and enable it on the UNIX agent:
- Generate a new key on the management server(s):
- C:\Documents and Settings\Administrator>nqkeygenunix -db qdb:sa:lodestone -new
Please enter the SQL password: ******
Database connection successful
Current Unix Agent security level is = 0;
0=none; 1=encrypt; 2=MS auth;
This command is going to overwrite the existing key
and install a new key. Are you sure(y/n) ? y
Please enter the key password: ******
Saving into QDB successful.
Operation succeeded.
- C:\Documents and Settings\Administrator>nqkeygenunix -db qdb:sa:lodestone -new
- Check the key out from the QDB and into a file on the MS:
- C:\Documents and Settings\Administrator>nqkeygenunix -db qdb:sa:lodestone -skey AMUNIXKey
Please enter the SQL password: ******
Database connection successful
Current Unix Agent security level is = 0;
0=none; 1=encrypt; 2=MS auth;
Extraction from QDB successful.
Operation succeeded.
Saving server key file successful.
Operation succeeded.
- C:\Documents and Settings\Administrator>nqkeygenunix -db qdb:sa:lodestone -skey AMUNIXKey
- Copy the file AMUNIXKey to your UNIX agent under AMUNIXAGENTPATH/conf/
- In a text editor, edit the XML file AMUNIXAGENTPATH/conf/nqmcfg.xml
- Insert or update this line (with the appropriate path and file name) immediately before the end of a configuration section, signified by </CONFIGURATION>:
- <KEY_STORE_FILE>AMUNIXAGENTPATH/conf/AMUNIXKey</KEY_STORE_FILE>
- Save the file.
- Cold start the UNIX agent.
Cause
The key is invalid for the current time and date.
Additional Information
Formerly known as NETIQKB54678