'MarkLogic Ops Direct: Externally signed server certificate needed
We have installed & configured Marklogic Ops Director to monitor MarkLogic cluster
We were able to configure manage cluster from Ops director, but not able to see details of Manage cluster details in Ops Director.
We checked and found below error in in TaskServer_ErrorLog.txt on Ops Director instance
2019-12-11 10:50:00.066 Info: Externally signed server certificate needed for machine name (Ops Director machine).
We checked configuration and Certificate Authority(ca) is configured correctly
opsdirCa=generate
I am not sure what is not configured correctly here, can you please help?
Solution 1:[1]
Ops Director uses PKI authentication to allow the Ops Director cluster to communicate with the Managed host safely and securely. If you choose to generate a certificate, Ops Director creates a local CA, and a self signed certificate. This CA must also be added to any other clusters that you wish to managed with Ops Director.
In this case it looks like the certificate that Ops Director is attempting to use to authenticate against the managed server is not correct.
First, check the SecureManage
app server on the cluster you are trying to manage (default is 8003). Ensure that the following settings are correct:
- Authentication: Basic
- Internal Security: True
- External Security: Should have an external security credential named
OpsDirectorSystem-[management-cluster-id#]
Then check Security --> External Credentials and make sure the credential above is listed.
Check Security --> Secure Credentials and make sure that there is an entry for opsdir-[managment-cluster-id#]
and that it is correct. Verify that the certificate has the correct information for issuer and subject, and that the target uri pattern is set to https://.*:8003/manage/.*
Check Security --> Certificate Authorities, select the entry that says "MarkLogic" (not "Mark Logic" or "Marklogic Corporation"), and verify that the CommonName is "MarkLogic Ops Director Certificate Authority"
If all of that checks out correctly, then you can try unmanaging the cluster then manage the cluster again. If you run into any errors in this process, check the MarkLogic KB on Ops Director Troubleshooting.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Mads Hansen |