How do I configure an AppManager for UNIX agent to use encryption? (NETIQKB54678)

  • 7754678
  • 02-Feb-2007
  • 18-Mar-2010

Environment

  • AppManager for UNIX 6.5
  • AppManager for UNIX 7.0.1
  • AppManager for UNIX 7.1

Situation

How do I configure an AppManager for UNIX agent to use encryption?
Error: 'I/O Error with socket stream.'

AppManager UNIX agents grey-out over an encrypted connection.

Resolution

To generate a new key and enable it on the UNIX agent:

  1. Generate a new key on the management server(s):
    • C:\Documents and Settings\Administrator>nqkeygenunix -db qdb:sa:lodestone -new
      Please enter the SQL password: ******
      Database connection successful
      Current Unix Agent security level is = 0;
      0=none; 1=encrypt; 2=MS auth;
      This command is going to overwrite the existing key
      and install a new key.  Are you sure(y/n) ? y
      Please enter the key password: ******
      Saving into QDB successful.
      Operation succeeded.
  2. Check the key out from the QDB and into a file on the MS:
    • C:\Documents and Settings\Administrator>nqkeygenunix -db qdb:sa:lodestone -skey AMUNIXKey
      Please enter the SQL password: ******
      Database connection successful
      Current Unix Agent security level is = 0;
      0=none; 1=encrypt; 2=MS auth;
      Extraction from QDB successful.
      Operation succeeded.
      Saving server key file successful.
      Operation succeeded.
  3. Copy the file AMUNIXKey to your UNIX agent under AMUNIXAGENTPATH/conf/
  4. In a text editor, edit the XML file AMUNIXAGENTPATH/conf/nqmcfg.xml
  5. Insert or update this line (with the appropriate path and file name) immediately before the end of a configuration section, signified by </CONFIGURATION>:
    • <KEY_STORE_FILE>AMUNIXAGENTPATH/conf/AMUNIXKey</KEY_STORE_FILE>
  6. Save the file.
  7. Cold start the UNIX agent.

Cause

The key is invalid for the current time and date.

Additional Information

Formerly known as NETIQKB54678

Feedback service temporarily unavailable. For content questions or problems, please contact Support.