AutoSys Workload Automation

  • Private Community
 View Only

  • 1.  Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).

    Posted Apr 06, 2020 01:59 PM
    Hi All,

    Need help !

    I am installing WCC on linux server. While installing, I am asked to enter EEM server name and password .

    After entering details, getting below error message :

    ***  EEM error  ***

    *******************

    Connection with the CA EEM Server failed. Verify if the certificates were

    generated with the custom keylength (2048 or above).

    EEM is already installed and I am able to login successfully. 

    Both EEM and WCC applications are on same machine .



    ------------------------------
    Regards,
    Saravana
    ------------------------------


  • 2.  RE: Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).

    Posted Apr 07, 2020 02:09 AM

    Hey Saravana,

    you need to Add support for 2048 Certs for EEM

    for that follow these steps:

    1) go into root :
    sudo su -

    2) Set globals as needed –

     export EIAM_HOME=/opt/CA/SharedComponents/EmbeddedEntitlementsManager

    export JAVA_HOME=$EIAM_HOME/jre

    PATH=$JAVA_HOME/bin:$PATH


    2) run EEM config tool to create support for new certs

    cd  $EIAM_HOME/bin

    java -jar eiam-clustersetup.jar

    this command will open a script that will do the process for you

    then enter the command :

    modifycerts


    [root@MyAutosysServer bin]# java -jar eiam-clustersetup.jar

    Dec 3, 2019 3:18:57 PM IclUtil itechLibInit

    INFO: iTechSDK initialized successfully

    INFO  - EIAM_HOME [/opt/CA/SharedComponents/EmbeddedEntitlementsManager/]

    INFO  - IGW_LOC [/opt/CA/SharedComponents/iTechnology/]

    INFO  - DXHOME [/opt/CA/SharedComponents/CADirectory/dxserver/]

    INFO  - Hostname identified as [MyAutosysServer]

    INFO  - Failover tool is running on primary server

    INFO  - Checking server status

    INFO  - igateway status      [started]

    INFO  - dxserver status      [started]

     

    Are you sure you want to continue? [Y/N]:y

    [MyAutosysServer]>modifycerts

    INFO  - Enter Certificate Key Length [default = 1024]

    INFO  -    [1] 1024

    INFO  -    [2] 2048

    INFO  -    [3] 4096

    Select key length from [1 - 3] : 2

    Enter Digest Algorithm [default = SHA256]

    INFO  - Enter Digest Algorithm [default = SHA256]

    INFO  -    [1] SHA1

    INFO  -    [2] SHA256

    INFO  -    [3] SHA384

    INFO  -    [4] SHA512

    Select Digest algorithm from [1 - 4] : 2

    =======================================================

    INFO  - Summary

    =======================================================

    INFO  - Upgrading all certificates to key length: [2048]

    INFO  - Upgrading all certificates to [digest algorithm : SHA256]

    -------------------------------------------------------

    Are you sure you want to continue? [Y/N]:y

    INFO  - Stopping dxserver service

    INFO  - Stopping igateway service

    INFO  - Generating : iAuthority certificates [key length: 2048, digest algorithm: SHA256

    INFO  - Generating : iControl certificates [key length: 2048, digest algorithm: SHA256

    INFO  - Generating : iGateway certificates [key length: 2048, digest algorithm: SHA256

    INFO  - Generating : iauthority sdk configuration [/opt/CA/SharedComponents/iTechnology/iAuthority.iTechSDK.xml]

    INFO  - Generating : DSA certificates [key length: 2048, digest algorithm: SHA256

    INFO  -

    INFO  -

    INFO  - Generating file : /opt/CA/SharedComponents/CADirectory/dxserver/config/ssld/itechpoz-trusted.pem

    INFO  -

    INFO  - Starting dxserver service

    INFO  - Starting igateway service

    INFO  - Run [status] to get server details.

    [MyAutosysServer]>exit

    [root@MyAutosysServer bin]#

    Now try to reinstall WWC

    Good luck,
    Yoni


    Original Message


  • 3.  RE: Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).

    Posted Apr 08, 2020 09:47 AM
    Hi Yoni,

    Thanks you so much !! That worked like wonder.

    I hope you don't mind asking for one more error

    I am not asked to install SDK client, and when installing it, it gives an  error as follows :

    09:22:00 Installation product "ca-waae-base", version "11.3.6.1643"

    ===================================================================

    09:22:01 Job executed successfully

     

    09:22:01 Installation product "ca-waae-common", version "11.3.6.1643"

    =====================================================================

    error: Failed dependencies:

           /bin/ed is needed by ca-waae-common-11.3.6-1643.i386

    Script or command "rpm -i "/mnt/testsara/SDK/Linux/SDK/RPM/ca-waae-common-11.3.6-1643.i386.rpm"" failed with exit code 1.

    Reason:         The script or command encountered a problem.

    Action:         Find further details in the installation log file

                   /opt/CA/SharedComponents/installer/log/CAWorkloadAutomationAE-SDK.log.

     

    09:22:02

    Terminating install. Reverting changes.

     

    09:22:03 Job executed with error: 7


    Original Message


  • 4.  RE: Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).

    Posted Apr 09, 2020 11:49 AM
    Hi Saravana,

    I'm not sure exactly what is the problem , but i can tell you that the thing you are missing is part of the product components ( i think the Common components)
    and not some linux lib /package - i would open a ticket to the support with the installation log added. If you see any CAUAJM_E_(some number) add it to the ticket as well or look it up in google - usually you can get a good idea of what is wrong (or find solutions people put online)

    Hope this helps , good luck
    Yoni 
    Original Message


  • 5.  RE: Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).

    Posted Aug 23, 2020 02:48 PM
    Hi Saravana,

    I faced the same issue while installing the WCC 11.4 SP7, I installed the rpm "ed" and I retried, it completed without any issues.

    yum install -y ed.x86_64

    Regards,
    Raj


    Original Message


  • 6.  RE: Connection with the CA EEM Server failed. Verify if the certificates were generated with the custom keylength (2048 or above).
    Best Answer

    Broadcom Employee
    Posted Apr 07, 2020 02:21 AM
    Hi Saravana,
    You need upgrade EEM certificate  KeyLength to 2048 and set the Algorithm to SHA1 or 256.
    Please follow the steps detailed here -
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/ca-embedded-entitlements-manager/12-6/configuring/certificates-with-custom-key-length-for-ca-eem-server/how-to-generate-the-certificates.html 

    Retry the WCC installation.

    Regards,
    Kishore Kumar Udathaneni

    Original Message