Unable to connect to the SCMB server using a CA-signed client certificate
After creating a CA-signed client certificate, you are still unable to establish a connection to the SCMB server.
Solution 1
Cause
The client certificate is not signed by a Certificate Authority (CA) that is trusted by the appliance.
Action
- Verify the CA that signed the client certificate using the following command:
  openssl verify -verbose -CAfile ca.pem cert.pem
- Ensure the CA root and intermediate certificates listed are trusted by the appliance by going to Settings > Security and checking the list of trusted CAs.
- If the CA you used to sign the client certificate is not present, add the CA to HPE OneView.
Solution 2
Cause
The root CA certificate or intermediate CA certificates used to sign the SCMB server certificate are not included in the CA certificates file used by the client.
Action
Ensure the CA certificates file used by the client includes the root certificate and any intermediate CA certificates that signed the SCMB server certificate.
Solution 3
Cause
The intermediate CA used to sign the client certificate is not included in the CA certificates file used by the client.
Action
Ensure the CA certificates file used by the client includes the intermediate CA that signed the client certificate.
Solution 4
Cause
The client certificate uses a Common Name other than rabbitmq_readonly.
Action
- Use this command to display the certificate attributes:
  openssl x509 -noout -text -in cert.pem
- If the client certificate has a Common Name other than rabbitmq_readonly, create a new client certificate. The Common Name for the client certificate must be set to rabbitmq_readonly, since the SCMB server is configured to accept connections from this user.
Solution 5
Cause
The CA chain contains more than nine intermediate certificates, NOT including the Root CA (Root CA > Intermediate 1 > Intermediate 2 > ... > Intermediate 8 > Intermediate 9).
Action
HPE OneView is only capable of supporting up to nine levels of CA chains. Trim the lowest levels of the CA chain so it contains fewer than nine levels.
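The checks from Solutions 1, 3, 4 and 5 can be run together on the client side before retrying the connection. The script below is an added example, not part of the HPE documentation; the function names are hypothetical, and it assumes the CA file holds only the CA certificates of a single chain.

```shell
#!/bin/sh
# Added example: local pre-flight checks for an SCMB client certificate.
# Usage: sh check_scmb.sh CA_BUNDLE.pem CLIENT_CERT.pem

EXPECTED_CN="rabbitmq_readonly"  # Common Name the SCMB server accepts (from the page)
MAX_INTERMEDIATES=9              # chain depth limit stated on the page

# Print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Count non-self-signed certificates in a PEM bundle (assumption: the bundle
# holds only the CA certificates of one chain, so these are the intermediates).
count_intermediates() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout |
        awk '/^subject=/ { s = substr($0, 9) }
             /^issuer=/  { if (substr($0, 8) != s) n++ }
             END { print n + 0 }'
}

# Run the three checks; print one line per failure; return 0 only if all pass.
check_scmb_client_cert() {
    ca="$1"; cert="$2"; rc=0
    # Solutions 1 and 3: the client certificate must chain to a CA in the bundle.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to a CA in $ca"; rc=1
    fi
    # Solution 4: the Common Name must match the SCMB user.
    cn=$(cert_cn "$cert")
    if [ "$cn" != "$EXPECTED_CN" ]; then
        echo "FAIL: Common Name is '$cn', expected '$EXPECTED_CN'"; rc=1
    fi
    # Solution 5: no more than nine intermediates below the root.
    n=$(count_intermediates "$ca")
    if [ "$n" -gt "$MAX_INTERMEDIATES" ]; then
        echo "FAIL: $n intermediate CA certificates (limit $MAX_INTERMEDIATES)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $cert passes the local checks"; fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_scmb_client_cert "$1" "$2"; fi
```

These checks only cover the client's own files; whether the appliance trusts the signing CA still has to be confirmed under Settings > Security.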