Access Manager Dashboard returns Login Failure. Invalid Username or Password after assigning an external signed x509 Certificate to the Administration Console.
Issue: Dashboard server is missing the Trusted Root Certificate chain in order to validate the external signed / issued certificate running with the administration console server. Using iManager to assign an external signed certificate to the Administration Console service will not add the required Root Certificates to the Dashboard servers truststore: /opt/novell/devman/jcc/conf/runtime/jcc_devman.keystore. Adding the required Root Certificates to the Access Manager Certificates = > Trusted Roots will not add certs into the /opt/novell/devman/jcc/conf/runtime/jcc_devman.keystore.
Resolution: Use the following steps to manually add the missing Root Certificates into /opt/novell/devman/jcc/conf/runtime/jcc_devman.keystore.
SSH to your dashboard server.
Create a backup copy of the existing /opt/novell/devman/jcc/conf/runtime/jcc_devman.keystore
Obtain the required password to access the keystore:
cd /opt/novell/devman/jcc/conf
./ksinfo.sh dump | grep -a2 "jcc_devman.keystore"
Use Keystore Explorer to add the required certificates.
NOTE:Opening the /jcc_devman.keystore you will be prompted for the keystore password which we discovered from above mentioned steps.
Save the changes and restart Analytics Server.
At times the nodes create their own cluster instead of joining the Elasticsearch cluster. In case the Elasticsearch cluster health displays red color in Administration Console user interface for any of the nodes, follow the steps on non-primary nodes only:
Stop the Elasticsearch service in all the nodes where cluster health is displaying red color. Do not stop the service on the primary server.
Run the /opt/novell/nam/scripts/configure_cluster.sh script on all the non-primary nodes one by one which display the cluster health in red color.