AnsweredAssumed Answered

Error: "the certificate Supplied by the HCP Anywhere server is invalid"

Question asked by Rajiv Garg Employee on Jun 19, 2017
Latest reply on Oct 15, 2018 by Ralf Buschmann

During HCP Anywhere system setup and install, you get the following error - see attachment "invalid_cert_error"

Probable Cause

The 2 most common causes of this issue is the hostname mismatch or an expired certificate.

Resolution

This could be due to the system name of AW did not match the DNS name which was set up in the Host A entry in the DNS server.

The “FQDN" of the host A entry - see attachment "FQDN"

Has to match the “System Name” in the AW MUI - see attachment "AW_system name"

Changing the "System Name" inside the AW MUI will not update the certificate AW is using.  So you want to update this one as well.

  • Go to  “System - > Security -> SSL Certificates”. 
  • Generate/upload a new one here and delete the old one.

Also, you will want to check the certificate on your load balancer as well if you are terminating SSL here.

Troubleshooting

For the Windows desktop client, hitting “Details…” on the error notification should present the OS certificate dialog where you can examine the details of the certificate. This would be a first step to verify hostname, validate dates, etc.

Also, the hcpaw.log in C:\Users\<username>\AppData\Local\Hitachi Data Systems\HCP Anywhere *may* provide some additional details as to why the certificate did not pass validation. For example you may see log entries along the lines of:

"SECURITY ERROR: CERT_REV_FAILED"

"SECURITY ERROR: INVALID_CERT"

"SECURITY ERROR: CERT_REVOKED"

"SECURITY ERROR: INVALID_CA"

"SECURITY ERROR: CERT_CN_INVALID"

"SECURITY ERROR: CERT_DATE_INVALID"

"SECURITY ERROR: SECURITY_CHANNEL_ERROR"

Note these messages are specific to Windows desktop client. Other clients using different http libraries will vary.

Outcomes