cancel
Showing results for 
Search instead for 
Did you mean: 

nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Hello,

I am installing a new Linux client 8.1.1 version. We have the error running the getCAcertificate, we have verified that name resolution between client and master is ok.

The bptestbpcd give us the following error:

bptestbpcd -client lvwgdmtstapp2 -verbose
<16>bptestbpcd main: Function ConnectToBPCD(lvwgdmtstapp2) failed: 7658
<16>bptestbpcd main: Connection cannot be established because the host validation cannot be performed on the target host
Connection cannot be established because the host validation cannot be performed on the target host

 

Thanks for your help, any advice is welcomed.

Best regards

 

Tags (2)
10 Replies
Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Is port 1556 open between client and master?
Is Linux firewall (iptables) running on the client?

Try to telnet on port 1556 in both directions to test. 

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Hello Marianne,

I forgot to say that pbx is running and the 1556 port is reachable by the master. Firewall is disabled in the client.

 

Thanks for your reply

 

Oolmedo

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Also, yes 1556 port in both directions.

 

thanks

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Which command do you use?
Nbcertcmd -getcacertificate -force?
Nbcertcmd -getcertificate -force -token xxxxxx?
Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Hello,

I have used: nbcertcmd -getCAcertificate -server servername

 

thanks and best regards

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

try this on the client and the master

bpclntcmd -clear_host_cache

and then this on the client :

nbcertcmd -getcacertificate -force

nbcertcmd -getcertificate -force -token (generate a new token from the master)

and put the output here.

also a snip of high verbo of nbcert log would be helpful

 

good luck.

BR

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Hi,

-force option seems not be available.

nbcertcmd -getCAcertificate -help
Usage: nbcertcmd -getCACertificate
[-file <fingerprint_file_name>]
[-cluster]
[-server <master_server_name>]

Description:
Connects to the master server and gets the certificate of the Certificate
Authority (CA). It then displays the fingerprint of the certificate and adds
it to the local trust store after confirmation from the user.

Options:
-cluster
Performs the operation on the global certificate store.
-file fingerprint_file_name
Specifies the path of the file containing the CA certificate fingerprint.
-server master_server_name
Specifies an alternate master server. By default, this command uses the
first server entry in the NetBackup configuration.

 

Thanks and best regards

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Hi,

mybad, for the first command "nbcertcmd -getCacertificate" only,

the -force is for the second command "ncbertcmd -getcertificate -force"

are you able to ping the masters name?

are you able to telnet the port 1556 to the master?

if yes, verify the entry SERVER in netbackup's config on the client's registry if its a windows or the bp.conf if its a linux/unix.

when all these are good then rerun the commands and provide nbcert log (high verbo)

NBSmiley Tonguelease note the FQDN & Short name of both clients & masters (clients name on the master & master's name on the client)..

 

good luck,

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Hello:

are you able to ping the masters name? Yes, no problem

are you able to telnet the port 1556 to the master? Yes no problem

if yes, verify the entry SERVER in netbackup's config on the client's registry if its a windows or the bp.conf if its a linux/unix. - Yes master server is the first line SERVER in bp.conf

From nbcert.log we see the following error:

NBClientCURL:Smiley TongueerformCurlOperation: Failed to perform operation: Peer certificate cannot be authenticated with given CA certificates

thanks and best regards

 

 

 

Highlighted

Re: nbemmcmd -getCAcertificate fails with STATUS 8507: The certificate could not be verified.

Is this a new fresh installation ? Did you use to have a client with the same name?
Are you able to resolve client’s both name & ip from the master server? And from the master too?
Is the client’s bp.conf has the master stated with the short or the fqdn?

Please we need nbcertcmd whole log to verify where it stucks
Also, before doing another test, add this entry to the master’s bp.conf (if it is a linux/unix):
ENABLE_NBCURL_VERBOSE=1 (you can disable it after the test by change it to =0)
If it’s a windows, add the same key in the registry path key..(you can google it)
One more thing, could you please put the output of this commands from the client :
Bpclntcmd -pn
Bpclntcmd -hn <NAME_MASTER>
Bpclntcmd -ip <IP_MASTER>
Good luck</IP_MASTER></NAME_MASTER>