Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-72-1330735.1
Update Date:2011-06-17

Solution Type  Problem Resolution Sure

Solution  1330735.1 :   KMS/OKM - Peer Certificate Errors Reported by Agents  


Related Items
  • Oracle Key Manager
Related Categories
  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption




In this Document
  Symptoms
  Cause
  Solution


Applies to:

Oracle Key Manager - Version: 2.0.0 and later   [Release: 2.0 and later ]
Information in this document applies to any platform.

Symptoms

Peer certificate errors reported by Agents

This can occur when the agent was enrolled, or its passphrase was reset, and the change has not yet
replicated to all KMAs in the cluster.

Cause

A user logs into KMA1 and resets the agent passphrase, and the drive is re-enrolled to KMA1.
KMA1 generates a new certificate value for the agent.

The drive then tries to retrieve a key from KMA2, which generates the following error in the AuditLog:
Security Violation    Medium Term Retention    Certificate Verification    Peer Certificate is invalid    Error    000082000028    2011-06-14 08:46:22.018917+00    048C    172.18.16.46    Certificate Serial Number = B155BE2F62384FDA000000000000012D

The reason is that KMA2 does not yet contain the new, replicated certificate serial number value.

Solution

The customer should log into KMS Manager and check the KMA List for the replication lag size.
The lag size should be 0 or a low value.

Once the lag size is 0, the error should no longer be reported.

Note:
If peer certificate errors are reported on all KMAs in the cluster, the recommendation is to reset the passphrase for the agent and re-enroll the drive.
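
The decision described above can be applied to audit log lines collected from each KMA. The following is an added example, not Oracle or Sun code: it assumes the AuditLog entries are available as text lines shaped like the one shown in this document, and the KMA names used as keys and the second serial number are constructed for illustration.

```python
import re

MESSAGE = "Peer Certificate is invalid"
SERIAL_RE = re.compile(r"Certificate Serial Number = ([0-9A-Fa-f]+)")

def invalid_peer_serials(lines):
    """Serial numbers rejected in one KMA's audit log lines."""
    found = set()
    for line in lines:
        match = SERIAL_RE.search(line) if MESSAGE in line else None
        if match:
            found.add(match.group(1).upper())
    return found

def triage(logs_by_kma):
    """Map each rejected serial to (KMAs reporting it, action from the article)."""
    reporting = {}
    for kma, lines in logs_by_kma.items():
        for serial in invalid_peer_serials(lines):
            reporting.setdefault(serial, set()).add(kma)
    result = {}
    for serial, kmas in reporting.items():
        if kmas == set(logs_by_kma):
            # Every KMA rejects it: waiting for replication will not help.
            action = "reset agent passphrase and re-enroll drive"
        else:
            # Only some KMAs reject it: the new certificate has not replicated yet.
            action = "check replication lag in KMA List"
        result[serial] = (sorted(kmas), action)
    return result

# Constructed input. PREFIX and the first serial come from the audit log line
# in this article; the KMA names as dict keys and the second serial are made up.
PREFIX = ("Security Violation    Medium Term Retention    Certificate Verification    "
          "Peer Certificate is invalid    Error    000082000028    "
          "2011-06-14 08:46:22.018917+00    048C    172.18.16.46    "
          "Certificate Serial Number = ")
LAGGING = "B155BE2F62384FDA000000000000012D"
STALE = "C0FFEE00000000000000000000000001"  # constructed placeholder
SAMPLE = {
    "KMA1": [PREFIX + STALE],
    "KMA2": [PREFIX + LAGGING, PREFIX + STALE],
}

if __name__ == "__main__":
    for serial, (kmas, action) in sorted(triage(SAMPLE).items()):
        print(serial, ",".join(kmas), "->", action)
```

A serial reported by only some KMAs points to replication lag; one reported by every KMA in the input matches the case in the Note.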
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.