Recreate OA certificates for OBM management servers

  • KM03812422
  • 31-May-2021
  • 07-Jun-2021

Summary

Create new certificates for the OBM servers, keeping the same core IDs, with the opr-configure-certificates command.

Question

If for some reason you need to recreate the OA certificates running on the OBM servers, you can use these steps. Note that recreating these certificates means you will need to update the OA certificates on all your managed nodes and on integrations done through OA, as well as any policies deployed on those nodes, because the signature will change. If you are not certain about what you are about to do, contact support for assistance with your issue.

Answer

1.    Delete all certificates from the GWs and DPSs


mgmtsv# ovcert -list
+---------------------------------------------------------+
| Keystore Content |
+---------------------------------------------------------+
| Certificates: |
| dcd0c94c-cb7d-7506-079a-9cc1b0282993 (*) |
+---------------------------------------------------------+
| Trusted Certificates: |
| CA_dcd0c94c-cb7d-7506-079a-9cc1b0282993 |
+---------------------------------------------------------+
+---------------------------------------------------------+
| Keystore Content (OVRG: server) |
+---------------------------------------------------------+
| Certificates: |
| dcd0c94c-cb7d-7506-079a-9cc1b0282993 (*) |
+---------------------------------------------------------+
| Trusted Certificates: |
| CA_dcd0c94c-cb7d-7506-079a-9cc1b0282993 (*) |
+---------------------------------------------------------+


mgmtsv# ovcert -remove dcd0c94c-cb7d-7506-079a-9cc1b0282993 -f
INFO: Certificate has been successfully removed.

mgmtsv# ovcert -remove dcd0c94c-cb7d-7506-079a-9cc1b0282993 -ovrg server -f
INFO: Certificate has been successfully removed.


You should now see the following:


mgmtsv# ovcert -list
+---------------------------------------------------------+
| Keystore Content |
+---------------------------------------------------------+
| Certificates: |
+---------------------------------------------------------+
| Trusted Certificates: |
+---------------------------------------------------------+
+---------------------------------------------------------+
| Keystore Content (OVRG: server) |
+---------------------------------------------------------+
| Certificates: |
+---------------------------------------------------------+
| Trusted Certificates: |
+---------------------------------------------------------+


2.    Create new certificates on the DPS where the certificate manager is running (the ovcs process; check with ovc -status):
<HPBSM>/opr/bin/opr-configure-certificates.(bat|sh) -n
 
3.    Grant the pending request. Go to OMi: Administration / Setup and Maintenance / Certificate Request


4.    Rerun the configuration wizard on the secondary DPS first, then on the GWs
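
A check for the end of step 1, added here as an example (it is not part of the original article or of the product's tooling): it parses `ovcert -list` output and reports every alias still present, since the listing expected after step 1 shows both Certificates and Trusted Certificates empty in both keystores. The helper name `remaining_oa_certs` and the sample listing with its certificate ID are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `ovcert -list` output on stdin and prints one line per
# remaining entry: <keystore> TAB <section> TAB <alias>.
# Returns 0 when every keystore is empty, 1 when anything is left.
remaining_oa_certs() {   # hypothetical helper name
    awk '
        !/^[ \t]*\|/ { next }              # keep table rows only
        {   line = $0                      # strip borders and padding
            sub(/^[ \t]*\|[ \t]*/, "", line)
            sub(/[ \t]*\|[ \t]*$/, "", line) }
        line ~ /^Keystore Content/ {       # new keystore block
            store = "default"; section = ""
            if (match(line, /OVRG: [^)]+/))
                store = substr(line, RSTART + 6, RLENGTH - 6)
            next
        }
        line == "Certificates:"         { section = "certificate"; next }
        line == "Trusted Certificates:" { section = "trusted"; next }
        section != "" && line != "" {
            sub(/[ \t]*\(\*\)$/, "", line) # drop the "(*)" marker
            printf "%s\t%s\t%s\n", store, section, line
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: a half-finished cleanup, in the layout shown in step 1.
sample_listing() {
    cat <<'EOF'
+---------------------------------------------------------+
| Keystore Content |
| Certificates: |
| 11111111-2222-3333-4444-555555555555 (*) |
| Trusted Certificates: |
| CA_11111111-2222-3333-4444-555555555555 |
| Keystore Content (OVRG: server) |
| Certificates: |
| Trusted Certificates: |
| CA_11111111-2222-3333-4444-555555555555 (*) |
+---------------------------------------------------------+
EOF
}

# On a management server: ovcert -list | remaining_oa_certs
if sample_listing | remaining_oa_certs; then
    echo "keystores empty: continue with step 2"
else
    echo "entries above are still present: remove them first" >&2
fi
```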