Hey Paul,
First of all , thank you for the reply.
I tried as you suggested but got some weird JAVA error,
Could you please have alook? Heres the recap:
[root@ptktl-autosys11web bin]# java -jar eiam-clustersetup.jar
Nov 05, 2019 9:50:59 AM IclUtil itechLibInit
INFO: iTechSDK initialized successfully
INFO - EIAM_HOME [/opt/CA/SharedComponents/EmbeddedEntitlementsManager/]
INFO - IGW_LOC [/opt/CA/SharedComponents/iTechnology/]
INFO - DXHOME [/opt/CA/SharedComponents/CADirectory/dxserver/]
INFO - Hostname identified as [ptktl-autosys11web.bezeqint.co.il]
INFO - Failover tool is running on primary server
INFO - Checking server status
INFO - igateway status [started]
INFO - dxserver status [started]
Are you sure you want to continue? [Y/N]:y
[ptktl-autosys11web.bezeqint.co.il]>modifycerts
INFO - Enter Certificate Key Length [default = 1024]
INFO - [1] 1024
INFO - [2] 2048
INFO - [3] 4096
Select key length from [1 - 3] : 2
Enter Digest Algorithm [default = SHA256]
INFO - Enter Digest Algorithm [default = SHA256]
INFO - [1] SHA1
INFO - [2] SHA256
INFO - [3] SHA384
INFO - [4] SHA512
Select Digest algorithm from [1 - 4] : 2
=======================================================
INFO - Summary
=======================================================
INFO - Upgrading all certificates to key length: [2048]
INFO - Upgrading all certificates to [digest algorithm : SHA256]
-------------------------------------------------------
Are you sure you want to continue? [Y/N]:y
INFO - Stopping dxserver service
INFO - Stopping igateway service
INFO - Generating : iAuthority certificates [key length: 2048, digest algorithm: SHA256
Exception in thread "main" java.lang.IncompatibleClassChangeError: class org.bouncycastle.asn1.x509.X509Name has interface org.bouncycastle.asn1.ASN1Encodable as super class
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at com.ca.eiam.common.security.CertificateGenerator.generateSelfSignedCertificate(CertificateGenerator.java:77)
at com.ca.eiam.failovertool.CertificateTagReader.generate(CertificateTagReader.java:31)
at com.ca.eiam.failovertool.CertificateTagReader.generate(CertificateTagReader.java:21)
at com.ca.eiam.failovertool.IAuthorityConfigHandler.updateRootCert(IAuthorityConfigHandler.java:238)
at com.ca.eiam.failovertool.IAuthorityConfigHandler.updateIAuthorityCertificates(IAuthorityConfigHandler.java:216)
at com.ca.eiam.clustersetup.FailoverConfigurator.modifyCertificateKeyLength(FailoverConfigurator.java:621)
at com.ca.eiam.clustersetup.FailoverConfigurator.performAction(FailoverConfigurator.java:371)
at com.ca.eiam.clustersetup.FailoverConfigurator.commandPrompt(FailoverConfigurator.java:356)
at com.ca.eiam.clustersetup.FailoverConfigurator.main(FailoverConfigurator.java:106)
[root@ptktl-autosys11web bin]#
Thanks and regards,
Yoni
------------------------------
Remember that not getting what you want is sometimes a wonderful stroke of luck
-Dalai Lama
------------------------------
Original Message:
Sent: 11-05-2019 02:40 AM
From: Paul Tayler
Subject: Help installing WCC 11.4 SP7
Hi Yoni,
I have WCC 11.4 SP7 running in my test lab. I followed the instructions in "Configure CA EEM for Root Certificates Generated with Different Key Lengths". For the certificates I used "java -jar eiam-clustersetup.jar" to create them. This is described in the "Generate the Certificates" section of the EEM implementation guide. I have not been able to find that in the new documentation location. Essentially you just run eiam-clustersetup.jar, execute the command "modifycerts" and follow the prompts. Remember to backup the 1024 length certificates first, you will need them if you want AutoSys to use the same EEM as WCC.
regards
Paul
Original Message:
Sent: 11-04-2019 08:57 AM
From: Yehonatan Amir
Subject: Help installing WCC 11.4 SP7
Hey all :)
I'm trying to install the new WCC 11.4 SP7,
It seems in this new version CA WCC, requires root certificates with a key length of 2048 or more.
source
So i tried using openSSL to create a self signed cert :
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
and load it to the EEM (as suggested in the source document), but i'm still unable to install WCC SP7 , that keeps giving me this error :
Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).
Anyone had any luck installing this version?
Please help :)
Yoni