05 December 2010

Troubleshooting Certificates Errors when you install Cross Platform Agents in SCOM

Objective:Install Cross Platform agent to a Red Hat Linux Enterprise Server v5.4

Issue Faced: When you are about the install your agent into the Linux server … and you get hit with a failed installation with the following error.

The SSL certificate contains a common name (CN) that does not match the hostname.



Potential Cause: There are many reasons for such an error. But we can pretty much be sure that this revolves around hostname for the Linux server.


Troubleshoot the Issue:

From the Linux server, launch your terminal console and type the following

openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer –dates


Now you can clearly see that the problem here is that the CN is webproxy.contoso.com

(A bit of history, I have previously used this Linux server in another environment and have installed Cross Platform in it but since then I have changed the FQDN for the server)



To resolve this, we will need to change the Subject Name in the certificate to RHEL.SystemCenter.local

To do this, execute the following command

/opt/microsoft/scx/bin/tools/scxsslconfig -f –v

(This will change the host name and re-create the certificate and private key)


Re run the query of the certificate CN


Let’s retry the re-installation of the agent.


Voila ! Worked like a charm