Deploying the System Center Operations Manager 2007 Linux Agent Fails with "The certificate Common Name (CN) does not match"

Deploying the System Center Operations Manager 2007 Linux Agent Fails with "The certificate Common Name (CN) does not match"

Table of Contents

Symptoms

Attempting to deploy the System Center Operations Manager 2007 Linux Agent to a Red Hat server fails. In this scenario you receive the error below while discovering and deploying the agent:

The certificate Common Name (CN) does not match. Please resolve the issue, and then run

The server certificate on the destination computer (<Redhat machine name>) has the following errors:
The SSL certificate is signed by an unknown certificate authority.
The SSL certificate contains a common name (CN) that does not match the hostname.
For additional help on this error please go to ....

Cause

This can occur for either of the following reasons:

- Certificates may not be valid as the reporting server may have been changed

- The certificate contains an incorrect host name

Resolution

To resolve this issue, complete the steps below:

1. Remove the existing contents of the agent directory on the server and reinstall the agent RPM
2. Generate the certificate, making sure to use the correct host name: "/opt/Microsoft/scx/bin/tools/scssslconfig –f –h <hostname>"
3. Check the status of the certificate: "openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates"
4. Discover the agent from the console and sign the invalid certificate without SSH

This is now available in a Microsoft Knowledge Base article here.

-Chandan Bharti

Leave a Comment
  • Please add 4 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Comments
Page 1 of 1 (1 items)
Wikis - Comment List
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Ed Price - MSFT edited Original. Comment: TOC & tags

Page 1 of 1 (1 items)