MarkLogic Ops Direct: Externally signed server certificate needed

We have installed and configured MarkLogic Ops Director to monitor a MarkLogic cluster.

We were able to configure the managed cluster from Ops Director, but we are not able to see the details of the managed cluster in Ops Director.

We checked and found the error below in TaskServer_ErrorLog.txt on the Ops Director instance:

2019-12-11 10:50:00.066 Info: Externally signed server certificate needed for machine name (Ops Director machine).

We checked the configuration, and the Certificate Authority (CA) is configured correctly:

opsdirCa=generate

I am not sure what is not configured correctly here. Can you please help?




Solution 1:[1]

Ops Director uses PKI authentication to allow the Ops Director cluster to communicate with the managed host safely and securely. If you choose to generate a certificate, Ops Director creates a local CA and a self-signed certificate. This CA must also be added to any other clusters that you wish to manage with Ops Director.

In this case it looks like the certificate that Ops Director is attempting to use to authenticate against the managed server is not correct.

First, check the SecureManage app server on the cluster you are trying to manage (default is 8003). Ensure that the following settings are correct:

  • Authentication: Basic
  • Internal Security: True
  • External Security: Should have an external security credential named OpsDirectorSystem-[management-cluster-id#]

Then check Security --> External Credentials and make sure the credential above is listed.

Check Security --> Secure Credentials and make sure that there is an entry for opsdir-[management-cluster-id#] and that it is correct. Verify that the certificate has the correct information for issuer and subject, and that the target URI pattern is set to https://.*:8003/manage/.*

Check Security --> Certificate Authorities, select the entry that says "MarkLogic" (not "Mark Logic" or "Marklogic Corporation"), and verify that the CommonName is "MarkLogic Ops Director Certificate Authority".

If all of that checks out correctly, then you can try unmanaging the cluster and then managing the cluster again. If you run into any errors in this process, check the MarkLogic KB on Ops Director Troubleshooting.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Mads Hansen
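
The certificate checks from Solution 1 can also be run offline with the openssl CLI. This is an added example, not part of the original answer or of MarkLogic's tooling. It assumes you have the Ops Director CA and the credential certificate as PEM files and that the target URI pattern is applied as a full-string regular expression; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline checks on PEM copies of the CA and the secure
# credential certificate. Requires the openssl CLI.

EXPECTED_CA_CN="MarkLogic Ops Director Certificate Authority"  # value from the answer
TARGET_URI_PATTERN='https://.*:8003/manage/.*'                   # value from the answer

# Print the commonName of a certificate's subject or issuer.
# $1 = PEM file, $2 = "subject" or "issuer"
cert_cn() {
  openssl x509 -in "$1" -noout "-$2" -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeeds when the CA file carries the CommonName the answer says to look for.
check_ca_cn() {
  [ "$(cert_cn "$1" subject)" = "$EXPECTED_CA_CN" ]
}

# Succeeds when the credential certificate names that CA as its issuer AND its
# signature chains to the CA file (a matching issuer name alone proves nothing).
# $1 = CA PEM, $2 = credential certificate PEM
check_issued_by_ca() {
  [ "$(cert_cn "$2" issuer)" = "$EXPECTED_CA_CN" ] &&
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when a manage URL is covered by the target URI pattern.
# Assumption: the pattern is applied as a full-string regular expression.
uri_in_scope() {
  printf '%s\n' "$1" | grep -Eq "^${TARGET_URI_PATTERN}\$"
}

# Usage: sh check.sh ca.pem credential.pem https://managed-host:8003/manage/v2
if [ "$#" -eq 3 ]; then
  check_ca_cn "$1" || { echo "CA CommonName mismatch: $(cert_cn "$1" subject)"; exit 1; }
  check_issued_by_ca "$1" "$2" || { echo "credential certificate not issued by $1"; exit 1; }
  uri_in_scope "$3" || { echo "URL outside target URI pattern: $3"; exit 1; }
  echo "all checks passed"
fi
```

The signature check catches a certificate whose issuer name matches but which was signed by a different CA with the same CommonName, for example one left over from an earlier `generate` run.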