Summary
Question
If for some reason you need to recreate the OA certs running on the OBM servers you can use these steps, note that recreating these certs will mean you will need to update the OA certs in all your managed nodes and integrations done through OA, as well as any policies deployed on those nodes as the signature will change. If you are not certain about what you are about to do, contact support to provide you assistance with your issue.
Answer
1. Delete all certificates from GW’s and DPS’s
mgmtsv# ovcert -list
+---------------------------------------------------------+
| Keystore Content |
+---------------------------------------------------------+
| Certificates: |
| dcd0c94c-cb7d-7506-079a-9cc1b0282993 (*) |
+---------------------------------------------------------+
| Trusted Certificates: |
| CA_dcd0c94c-cb7d-7506-079a-9cc1b0282993 |
+---------------------------------------------------------+
+---------------------------------------------------------+
| Keystore Content (OVRG: server) |
+---------------------------------------------------------+
| Certificates: |
| dcd0c94c-cb7d-7506-079a-9cc1b0282993 (*) |
+---------------------------------------------------------+
| Trusted Certificates: |
| CA_dcd0c94c-cb7d-7506-079a-9cc1b0282993 (*) |
+---------------------------------------------------------+
mgmtsv#: ovcert -remove dcd0c94c-cb7d-7506-079a-9cc1b0282993 -f
INFO: Certificate has been successfully removed.
…
mgmtsv# ovcert -remove dcd0c94c-cb7d-7506-079a-9cc1b0282993 -ovrg server -f
INFO: Certificate has been successfully removed.
…
You should now see the following:
mgmtsv# ovcert -list
+---------------------------------------------------------+
| Keystore Content |
+---------------------------------------------------------+
| Certificates: |
+---------------------------------------------------------+
| Trusted Certificates: |
+---------------------------------------------------------+
+---------------------------------------------------------+
| Keystore Content (OVRG: server) |
+---------------------------------------------------------+
| Certificates: |
+---------------------------------------------------------+
| Trusted Certificates: |
+---------------------------------------------------------+
2. Create new certificates from the DPS server where the certificate manager is running (process ovcs, check with ovc -status)
<HPBSM>/opr/bin/opr-configure-certificates.(bat|sh) -n
3. Grant the pending request. Go to OMi: Administration /Setup and Maintenance / Certificate Request
4. Rerun the configuration wizard on the secondary DPS first then GW’s