Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
Solution Type: Problem Resolution Sure Solution

1330735.1 : KMS/OKM - Peer Certificate Errors Reported by Agents

Applies to:
Oracle Key Manager - Version: 2.0.0
Information in this document applies to any platform.

Symptoms
Peer certificate errors reported by Agents.
This can occur when the agent was enrolled, or its passphrase was reset, and the change has not yet replicated to all KMAs in the cluster.

Cause
A user logs into KMA1 and resets the agent passphrase, and the drive is re-enrolled to KMA1. KMA1 generates a new certificate value for the agent. The drive then tries to retrieve a key from KMA2, which generates an error in the AuditLog:

    Security Violation Medium Term Retention Certificate Verification Peer Certificate is invalid Error 000082000028 2011-06-14 08:46:22.018917+00 048C 172.18.16.46 Certificate Serial Number = B155BE2F62384FDA000000000000012D

The reason is that KMA2 does not yet contain the new, replicated certificate serial number value.

Solution
The customer should log into KMS Manager and check the KMA List for the replication lag size. The lag size should be 0 or a low value. Once the lag size is 0, the error should no longer be reported.

Note: If peer certificate errors are reported on all KMAs in the cluster, the recommendation is to reset the passphrase for the agent and re-enroll the drive.
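
The triage described in this note, as an added Python example (not Oracle code and not part of the original document). It assumes audit entries have been saved per KMA as text lines shaped like the entry quoted above and that lag sizes were read from the KMA List; the function names, the sample lag values and the third outcome label are hypothetical.

```python
import re
from collections import defaultdict

# Matches the audit entry text quoted in this note; the export layout is an assumption.
ENTRY = re.compile(
    r"Peer Certificate is invalid.*?"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?[+-]\d{2})"
    r".*?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r".*?Certificate Serial Number\s*=\s*(?P<serial>[0-9A-Fa-f]+)"
)

def parse_entries(lines):
    """Yield (serial, agent_ip, timestamp) for each peer-certificate error line."""
    for line in lines:
        m = ENTRY.search(line)
        if m:
            yield m["serial"].upper(), m["ip"], m["ts"]

def triage(audit_by_kma, lag_by_kma):
    """Map each failing certificate serial to (action, KMAs reporting it)."""
    seen = defaultdict(set)
    for kma, lines in audit_by_kma.items():
        for serial, _ip, _ts in parse_entries(lines):
            seen[serial].add(kma)
    cluster = set(lag_by_kma)
    result = {}
    for serial, kmas in seen.items():
        if kmas >= cluster:
            action = "reset agent passphrase and re-enroll drive"
        elif any(lag > 0 for lag in lag_by_kma.values()):
            action = "wait for replication lag to reach 0"
        else:
            action = "lag is 0 but errors persist on some KMAs: not covered by this note"
        result[serial] = (action, sorted(kmas))
    return result

# Constructed input: the entry quoted above, seen only in KMA2's audit export.
PAGE_ENTRY = ("Security Violation Medium Term Retention Certificate Verification "
              "Peer Certificate is invalid Error 000082000028 "
              "2011-06-14 08:46:22.018917+00 048C 172.18.16.46 "
              "Certificate Serial Number = B155BE2F62384FDA000000000000012D")
SAMPLE_AUDIT = {"KMA1": [], "KMA2": [PAGE_ENTRY]}
SAMPLE_LAG = {"KMA1": 0, "KMA2": 37}  # constructed lag sizes

if __name__ == "__main__":
    for serial, (action, kmas) in triage(SAMPLE_AUDIT, SAMPLE_LAG).items():
        print(serial, kmas, action)
```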