Is anyone else seeing weirdness in 6.11.6 where assigning a public certificate to HTTPS causes IVConnector to produce certificate verification errors?
IVConnector: Could not verify SSL certificates while sending netevents to Netwatch for URL: https://x.x.x.x/netwatch/netevents
I obfuscated the IP since this is a customer site, but it's weird that IVConnector is using the IP address and not the configured FQDN of the node when sending API requests, if certificate verification is a thing they want to do for Insight.
I haven't seen this behavior before on other boxes, but this is the first box I've had 6.11.6 on. It's a little annoying because it fills the event log on the system (events are several times per minute).
Yes, I got the same issue and after a TAC case I got the solution to search for the root certificate of the https certificate in the trust list and disable or delete all but the correct one.
It turned out that I had two root certificates with the same common name, but with different validity times active and ClearPass can't handle this situation.
From my knowledge ClearPass can handle two Intermediate CA certificates with the same common name, so I can't understand why the same doesn't work with the root certificates.
IVConnector: Could not verify SSL certificates while sending netevents to Netwatch for URL: https://x.x.x.x/netwatch/netevents<o:p></o:p>
Thanks, will check into that! It's very possible I uploaded a redundant cert as this was a reimage of 6.10.x to 6.11.x and that process involves a lot of importing and exporting.
(409) 454-7250 - cell
I got the error when I did a second restore of the 6.10 backup file to the 6.11 server as we had run some test for a while on 6.11 and I needed the 6.11 instance to be in sync with the latest updates in the 6.10 server before moving the authentication to the 6.11 servers.
That was exactly it. There was a change in the issuer's root certificate (extending expiration) between that particular release of 6.10 and 6.11. It allowed me to import an older root certificate from the old cluster with a duplicate common name (while following the import procedure). Removing that older certificate corrected the problem.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.