During HCP Anywhere system setup and install, you get the following error - see attachment "invalid_cert_error"
The 2 most common causes of this issue is the hostname mismatch or an expired certificate.
This could be due to the system name of AW did not match the DNS name which was set up in the Host A entry in the DNS server.
The “FQDN" of the host A entry - see attachment "FQDN"
Has to match the “System Name” in the AW MUI - see attachment "AW_system name"
Changing the "System Name" inside the AW MUI will not update the certificate AW is using. So you want to update this one as well.
- Go to “System - > Security -> SSL Certificates”.
- Generate/upload a new one here and delete the old one.
Also, you will want to check the certificate on your load balancer as well if you are terminating SSL here.
For the Windows desktop client, hitting “Details…” on the error notification should present the OS certificate dialog where you can examine the details of the certificate. This would be a first step to verify hostname, validate dates, etc.
Also, the hcpaw.log in C:\Users\<username>\AppData\Local\Hitachi Data Systems\HCP Anywhere *may* provide some additional details as to why the certificate did not pass validation. For example you may see log entries along the lines of:
"SECURITY ERROR: CERT_REV_FAILED"
"SECURITY ERROR: INVALID_CERT"
"SECURITY ERROR: CERT_REVOKED"
"SECURITY ERROR: INVALID_CA"
"SECURITY ERROR: CERT_CN_INVALID"
"SECURITY ERROR: CERT_DATE_INVALID"
"SECURITY ERROR: SECURITY_CHANNEL_ERROR"
Note these messages are specific to Windows desktop client. Other clients using different http libraries will vary.